Closet  talk  Is  moving  Layer  3  and  Layer  4  intelligence 
closer  to  your  wiring  closet  and  desktops  smart  or  overkill?  PAGE  13. 


Home  alone  and  dangerous  Four  companies 

share  their  secrets  for  securing  teleworkers'  offices.  PAGE  21. 
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How  Uncle  Sam’s . 
$48  billion 
IT  budget  will  shape 
networks  of 
the  future 


The  U.S.  government  / 
is  the  world’s  largest 
buyer  of  network  products 
and  services.  It’s  also  one 
of  the  few  buyers  that 
hasn’t  been  beaten  down 
by  the  economy.  In  fact,  if 
anything,  Sept.  11  has 
increased  pressure 
to  spend.  As  Uncle  Sam 
steps  up  investments  in 
e-commerce,  security  and 
IP  services,  there’s  sure  to 
be  a  ripple  effect  across 
the  network  industry. 
Here’s  an  inside  look. 
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Firewall  limits 
vex  VoIP  users 


■  BY  PHIL  HOCHMUTH  AND 
TIM  GREENE 

While  firewalls  are  the  IT  pro’s 
favorite  security  tool,  they  can 
be  troublesome  for  companies 
trying  to  deploy  IP  telephony 
over  the  Internet  as  many  fire 
walls  offer  little  or  no  support 
for  voice-over-IP  protocols. 

Firewall  vendors  and  those 
crafting  standards  are  work¬ 
ing  to  make  firewalls  operate 
effectively  with  the  widely 
deployed  H.323  protocol  and 
the  emerging  Session 
Initiation  Protocol  (SIP), 
many  users  are  skirting  the 
issue  by  encrypting  wide-area  VoIP  traffic  and 
sending  it  over  VPN  tunnels  for  site-to-site  and 
remote  office  connections.  IT  professionals  say  this 
method  for  running  VoIP  over  a  WAN  keeps  IP  con¬ 
versations  secure.They  also  say  it  eliminates  the  risk 


1 1  Voice  over  IP 
on  the  Internet  is 
certainly  doable, 
but  I  wouldn’t 
recommend  it.  9  9 

Mike  Shisko 

Director  of  IT,  Experio  Solutions 


of  exposing  a  network  to  intrud¬ 
ers,  which  comes  with  opening 
ports  on  a  firewall  to  allow  VoIP  to 
flow  through. 

“Getting  a  firewall  to  under¬ 
stand  voice  or  multimedia  proto¬ 
cols,  particularly  H.323,  is  not  sim¬ 
ple,”  says  Joel  Snyder,  a  senior 
partner  at  Opus  One,  a  firm  that 
tests  network  gear,  and  a 
Network  World  columnist.  He 
says  it  requires  the  firewall  to  act 
as  a  proxy  for  the  H.323  traffic. 

“The  H.323  proxy  in  the  firewall 
has  to  dig  deep  into  the  H.323 
protocol.  It  actually  has  to  under¬ 
stand  the  whole  protocol  to  know 
what  IP  addresses  are  going  to 
talk,  what  ports,  etc.,”  Snyder  says. 

Without  such  proxy  ability,  the  firewall  would  have 
to  open  ports  for  each  call  that  is  made,  without 
determining  whether  the  packets  are  legitimate. 

See  VoIP,  page  8 


Customers  advise  Sun 


■  BY  DENI  CONNOR 

Sun’s  Solaris  operating  system 
has  a  home  in  one  of  every  two 
IT  shops,  the  company’s  servers 
generate  more  revenue  than 
Unix  systems  giant  IBM,  and  its 
workstations  stand  second  only 
to  Dell. 

Sun  matters  a  lot  to  network 
executives,  so  Network  World 
talked  to  a  cross  section  of  the 
company’s  customers  and  asked 
what  they  would  like  to  see  from 


the  vendor.  Heading  their  wish 
lists  are  a  plea  for  price  relief  on 
servers  and  workstations,  and  in¬ 
creased  support  for  less-expen¬ 
sive  X86-based  hardware.  In  addi¬ 
tion,  customers  question  Sun’s 
continued  role  in  the  storage 
market  and  what’s  seen  as  lip  ser¬ 
vice  support  for  Linux. 

Here  are  the  specifics: 


line.com,  an  online  e-commerce 
service  in  Norwalk,  Conn.,  puts 
his  request  simply:Td  like  Sun  to 
give  us  all  the  wonderful  tools 
and  products  they  have  at  PC 
prices.” 

See  Sun,  page  10 
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How  Uncle  Sam’s  $48  billion  IT  budget 
will  shape  networks  of  the  future. 


The  U.S.  government  is  the  world’s 
largest  buyer  of  network 
products  and  services.  It’s  also 
one  of  the  few  buyers  that 
hasn’t  been  beaten  down  by  the 
economy.  In  fact,  if  anything, 
Sept.  11  has  increased 
pressure  to  spend. 


E-AUTHENTICATION 

Getting  plugged  in  to  E-Government 

Ambitious  program  comprises  two  dozen 
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company.  But  overall  these  attacks  were  less  aggressive,  according  to  Riptech.  Code  Red 
and  Nimda  worm  activity  is  abating  somewhat,  accounting  for  44%  of  overall  attack  activ¬ 
ity  as  opposed  to  63%  during  the  previous  six-month  period. 

IBM  sells  storage  vendor  Mylex 

■  Storage  vendor  LSI  Logic  will  acquire  Mylex  from  IBM  for  an  undisclosed  amount  in 
cash.  Mylex  is  a  business  unit  of  IBM  that  makes  RAID  controllers, storage  subsystems  and 
storage  components.  Acquiring  Mylex  will  give  LSI  Logic  products  for  the  entry-level  stor¬ 
age  market, including  PC1-RA1D.LSI  makes  storage  chips, digital  signal  processors, and  stor- 


■  ThiGood  lie  Bad  hellgly 


Vulnerabilities  reported  in  BIND,  BSD 

■The  CERT  Coordination  Center  last  week  warned 
of  another  flaw  in  the  software  that  supports  the 
Internet’s  DNS  and  said  systems  connected  to  the 
Internet  could  be  at  risk.  According  to  CERT,  the 
Berkeley  Internet  Name  Domain  and  the  Berkeley 
Software  Distribution  operating  system  have  buffer 
overflow  vulnerabilities  in  their  DNS  resolver 
libraries  that  could  let  an  attacker  take  over  the 
servers  running  the  affected  software. The  bug  can 
affect  server  operating  systems,  DNS  and  e-mail 
servers,  and  switches  and  routers,  which  could 
make  patching  the  software  difficult.  The  vulnera¬ 
bility  also  may  be  present  in  applications  that  have 
embedded  DNS  resolver  libraries.  No  exploits  of 
the  vulnerabilities  have  been  reported. 


Net  executives  of  the  future. 


IBM  Lotus  recently  wrapped  up  its  EXITE 
Camp  in  Cambridge,  Mass.  This  is  one  of  25 
such  camps  IBM  is  running  around  the  world 
to  spark  the  interest  of  roughly  750 
seventh-  and  eighth-grade  girls  in  math, 
science  and  technology.  Activities  include 
building  Web  sites  and  programming 
robots.  No  word  on  whether 
marshmallows  will  be  toasted.  > 


How  to  ruin  a  vacation. 

In  a  recent  telephone  survey  of  255 
business  executives,  connectivity 
products  and  peripherals  maker  logear 
found  that  82%  couldn’t  resist  checking 
e-mail,  contacting  a  colleague  or 
conducting  business-related  activities 
while  on  vacation.  Respondents  said  they 
spend  an  average  of  30  minutes  per 
day  working  during  personal  time  off. 


DAN  VASCONCEILOS 


Akamai  gets  injunction  against  Digital 
Island 


■  A  federal  judge  in  Boston  has  granted  Akamai  Technologies  its 
motion  for  a  permanent  injunction  against  Digital  Island  to  stop  it 
from  running  its  Footprint  content  delivery  service.  Akamai  had 
claimed  the  service  infringed  on  one  of  its  patents.  However,  Cable 
&  Wireless,  which  now  owns  Digital  Island,  says  the  ruling  has  no 
effect  on  the  company  or  its  customers  because  the  injunction  was 
aimed  at  a  technology  no  longer  used  within  the  Footprint  service. 

Akamai,  on  the  other  hand, said  in  a  statement  that  it  believes  Digital  Island  “cannot  effec¬ 
tively  operate  its  content  delivery  service  without  violating  these  key  claims  of  the  patent.” 
Judge  Rya  Zobel  will  issue  the  final  wording  of  the  injunction,  Akamai  says. 


Legalized  hacking? 

U.S.  Rep.  Howard  Berman  (D.-Calif.)  last  week  said  he  is  honing  in  on  the  "unbridled”  piracy  taking  place 
over  decentralized  peer-to-peer  file-sharing  networks,  by  introducing  legislation  that  would  let  copyright 
holders  employ  a  variety  of  "technological  self-help  measures"  such  as  file-blocking,  redirection,  spoofs, 
decoys  and  interdiction  to  stop  illegal  trading  of  their  works.  Because  these  measures  might  be  prohibited 
under  certain  state  and  federal  laws,  Berman  is  proposing  that  copyright  holders  be  granted  a  safe  harbor 
from  liability  for  using  such  tools  (see  related  column,  page  62). 


age  controllers  and  systems.  IBM  lately  has  been  lightening  its  load  in  the  storage  business, 
having  recently  sold  its  disk  drive  business  to  Hitachi  Data  Systems. 


Riptech  reports  rise  in  cyber  attacks 

■  Managed  security  services  provider  Riptech,  which  has  been  publishing  semiannual 
summaries  of  attacks  against  its  customer  base  as  a  way  to  benchmark  threat  activity,  last 
week  released  its  cyber-attack  analysis  for  the  first  half  of  the  year.  Riptech  says  that 
through  its  monitoring  for  clients,  it  observed  180,000  cyber  attacks,  a  28%  increase  over 
the  period  six  months  earlier,  with  an  average  of  32  attacks  per  week  (up  from  25)  per 

COMPENDIUM 

It’s  amazing  what  gets  thrown  out 

A  dumpster-diving  forum  on  DealMac  reveals  people  have  thrown  out  perfectly  usable 
Macintoshes  and  monitors,  a  rack-mounted  RS/6000  server  and  high-speed  memory 
chips:  “I  packed  them  up  and  used  the  company's  own  UPS  account  to  ship  them  off. 
Two  weeks  later  I  received  a  check  for  $35,000!" 

There's  plenty  more  stuff  you  gotta  read  in  Compendium:  www.nwfu- 
sion.com,  DocFinder:  1133. 


Company  claims  bandwidth  breakthrough 

■  A  Sarasota,  Fla.,  research  and  development  company  says  it  has  built  modulation  tech¬ 
nology  that  lets  narrowband  radio  waves  support  extremely  large  amounts  of  bandwidth. 
For  example,  using  low-frequency  paging  spectrum,  Island  Labs  says  its  technology, 
embedded  in  chipsets,  can  support  speeds  in  excess  of  150M  bit/sec.The  firm  says  it  will 
introduce  the  technology,  called  xG,at  the  Telecommunications  Industry  Association  T1A 
Ventures  2002  show  in  McLean, Va.,  July  11. “It’s  a  novel  modulation  signal  that  can  exist 
within  a  narrowband  radio  channel, "says  Joe  Bobier.CEO  of  Island  Labs.“lt  will  have  appli¬ 
cations  for  anything  that  sends  or  receives  data."Those  applications  would  include  DSL, 
cable  TV  LAN  cabling  and  wireless  LAN  technology,  he  says.The  company  is  getting  set  to 
conduct  its  first  field  trials,  which  will  focus  on  boosting  cable  TV  bandwidth. 

Symantec  catches  Mountain  Wave 

■  Symantec  last  week  announced  it  has  purchased  Mountain  Wave, the  Falls  Church, Va., 
provider  of  automated,  attack  sensing  and  warning  software.  Mountain  Wave  makes  soft¬ 
ware  called  CyberWolf  for  enterprise  security  operations  management.  Symantec  paid 
$20  million  in  cash  to  acquire  Mountain  Wave. 
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VoIP 

continued  from  page  1 

Opening  holes  in  a  firewall  for 
H.323  or  other  multimedia  proto¬ 
cols  could  leave  networks  vulner¬ 
able,  as  intruders  could  utilize 
voice  traffic  to  spoof  a  firewall 
and  gain  network  access,  experts 
say 

“The  issue  is  that  the  H.323 
stack  is  a  wide-open  stack,”  says 
Mike  Venner,  CIO  at  network  sili¬ 
con  and  component  vendor 
Broadcom. “It’s  a  hackable  stack, 
and  it’s  hard  to  control." 

To  avoid  tricky  VoIP/firewall 
issues,  Venner  uses  VPN  tunnel¬ 


ing  to  connect  remote  workers 
and  private  point-to-point  DS-3 
lines  to  connect  larger  offices. 
Fifty  Broadcom  employees  work¬ 
ing  from  home  use  IP  phones 
and  hardware-based  VPN  clients 
to  link  to  centrally  located  IP 
PBXs  from  Avaya  and  Cisco  over 
encrypted  IP  Security  tunnels. 
This  setup  lets  home  and  remote 
office  workers  have  phone 
extensions  as  if  they  were  in  the 
one  of  the  company’s  buildings 
in  Irvine, Calif.  Firewalls  at  Broad¬ 
com  stay  out  of  the  VoIP  equa¬ 
tion. 

Punching  holes  in  a  firewall 
lets  voice  pass  through  but  could 


Nokia  adds  cluster 
features  to  VPN  gear 

■  BY  TIM  GREENE 

MOUNTAIN  VIEW  CALIF —  Nokia  last  week  announced  software  for 
its  VPN  appliances  that  will  let  users  strap  together  the  devices  to 
improve  performance  and  protect  against  critical  VPN  sites  crashing. 

Clustering  technology  included  inversion  3.6  of  Nokia’s  IPSO  operat¬ 
ing  system  will  let  businesses  group  as  many  as  four  of  its  IP  series  of 
VPN  appliances  so  that  if  one  fails,  the  others  will  pick  up  its  work  with¬ 
out  dropping  active  sessions. 

In  addition  to  keeping  sites  alive,  the  clusters  will  share  the  workload, 
which  will  increase  the  VPN  processing  power  at  a  clustered  site. 
Throughput  for  the  clusterable  IP  series  appliances  ranges  from  100M 
to  more  than  1G  bit/sec. 

With  IP  clustering  technology,  the  Nokia  VPN  gateways  share  a  single 
IP  address  and  appear  to  the  network  as  a  single  device.The  VPN  gate¬ 
ways  —  part  of  Nokia’s  IP  300, 400, 500, 600  and  700  series  —  are  based 
on  Check  Fbint  Software’s  VPN-l/Firewall-1  software. 

Other  vendors  such  as  Cisco  and  WatchGuard  have  high-availability 
and  failover  options  for  their  gear, but  they  either  need  an  idle  standby 
unit  to  fail  over  to  or  time  to  re-establish  VPN  links  that  get  dropped 
when  a  device  fails.  NetScreen  does  failover  along  the  lines  of  Nokia, 
with  clustered  devices  sharing  the  workload  until  one  fails,  and  then 
the  rest  picking  up  the  failed  device’s  sessions, says  Jeff  Wilson,  director 
of  research  for  Infonetics. 

In  future  releases  of  the  clustering  software,  Nokia  will  make  it 
possible  to  create  clusters  of  more  than  four  machines,  says  Dan 
MacDonald,  a  Nokia  vice  president  of  product  management  and 
marketing. 

Customers  can  configure  clusters  to  have  one  device  handle  more  of 
the  load.  So  if  a  Nokia  IP  650  and  a  larger  IP  740  were  clustered,  more 
traffic  could  be  directed  to  the  740  than  the  650. 

A  drawback  to  clustering  is  that  it  creates  10%  overhead  needed 
for  each  device  to  keep  track  of  the  others’ sessions.  So  if  the  maxi¬ 
mum  throughput  of  a  stand-alone  appliance  is  1G  bit/sec,  when 
clustered  the  throughput  would  drop  to  900M  bit/sec,  according  to 
MacDonald. 

The  new  management  software  for  the  devices,  called  Network 
Voyager,  will  include  a  feature  called  Cluster  Monitor  that  displays  how 
long  a  cluster  has  been  up,  the  number  of  active  sessions  and  how 
many  ports  are  being  used. 

IPSO  3.6  is  available  as  a  free 
download  to  customers  who  have 
a  software  subscription,  and  it  will 
ship  standard  with  new  boxes. 
IPSO  3.6  is  in  beta  testing  now  and 
Subscribe  to  our  tree  newsletter.  *s  scheduled  to  ship  next  month. 
DocFinder.  5434  www.nwfuslon.oom  Nokia:  www.nokia.com 


put  networks  at  risk.  This 
threat  becomes  dire  for 
businesses  using  server- 
based  IP  PBXs  because  the 
phone  systems  could  be 
brought  down  by 
viruses  and  hacker 
attacks. 

“We’ve  found  that 
running  voice  over  a 
VPN  tunnel  works 
really  well,”  Venner 
says.  While  Venner  would 
not  say  what  VPN  gear  he 
uses,  he  says  the  voice  qual¬ 
ity  is  as  good  as  an  IP  tele¬ 
phony  conversation  on  the 
company’s  LAN. 


Two  types  of  problems 

The  potential  problems 
with  sending  IP  voice 
through  a  firewall  break 
down  into  two  categories: 
network  address  translation 
(NAT)  and  the  complexity  of 
VoIP  traffic. 

NAT  changes  the  source  IP  ad¬ 
dress  of  a  packet  from  a  private 
address  to  a  public  one  so  it  can 
be  routed  over  the  Internet.  The 
“NAT-ing”  device,  such  as  a  fire¬ 
wall,  keeps  track  of  what  the  pri¬ 
vate  IP  address  is,  so  returning 
traffic  can  be  routed  to  the  send¬ 
ing  device. 

IP  voice  traffic  consists  of  sig¬ 
naling  traffic  and  packets  carry¬ 
ing  the  voice  signal.  The  signal¬ 
ing  traffic,  such  as  SIP  or  H.323, 
uses  protocols  that  contain  ad¬ 
dress  information  not  just  in  the 
header  but  deeper  within  the 
packet. 

To  conduct  NAT  on  this  signal¬ 
ing  traffic,  the  firewall  must  be 
able  to  parse  and  modify  the 
packet  all  the  way  to  the  applica¬ 
tion  layer,  something  most  fire¬ 
walls  were  not  intended  to  do. 

The  signaling  traffic  and  pay- 
load  packets  involved  in  a  single 
voice  call  use  many  types  of  fire¬ 
wall  ports,  such  as  User  Data- 


VolP  and  firewalls 


Firewall  vendor  Jasomi’s  answer  to  running  VoIP  with 
firewalls  involves  a  SIP  proxy  device  to  augment  a 
traditional  firewall. 


□  SIP  voice  packet 
H  IP  data  packet 

□  Unrecognized/ 
illicit  packet 


Jasomi  PeerPoint 
appliance 
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SIP  IP  phone 


Firewall 


Switch 


Router 


SIP-based  voice 
packets,  data 
packets  and 
unauthorized 
packets  enter 
the  network. 
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The  firewall  hands  off  SIP  traffic  to 
PeerPoint,  which  terminates  the  call. 
Legitimate  SIP  traffic  is  identified  by 
the  device  and  regenerated  using  the 
company’s  private  address  space  and 
sent  to  its  destination. 


© 


All  non-SIP  packets 
are  handled  by  the 
firewall,  where  data 
packets  are  filtered 
and  sent  to  their 
proper  destinations. 


gram  Protocol  (UDP)  and  TCP 
For  a  voice  call  to  successfully 
cross  a  firewall,  these  ports  must 
be  opened.  And  to  maintain 
security,  they  must  be  closed 
when  there  is  no  traffic  flowing. 
Conventional  firewalls  were  not 
designed  to  handle  this  type  of 
complex  traffic. 

Users  could  leave  firewalls 
open  to  all  UDP  traffic  to  allow 
voice  to  go  in  and  out,  but  that 
would  violate  most  people’s  idea 
of  security. 

“It  would  work  but  the  security 
manager  would  be  fired  the 
same  day/’  says  Opher  Kahane, 
CEO  of  Kagoor  Networks,  which 
makes  VoiceFlow,  a  device  that 
can  handle  NAT  and  firewall  tra¬ 
versal  support  for  firewalls. 

VoiceFlow  also  addresses  how 
to  allow  management  traffic 
from  outside  a  site  to  pass 
through  a  firewall  to  keep  track 
of  IP  voice  gear.  Generally  net¬ 
work  security  dictates  that  such 
traffic  is  blocked  by  firewalls. 

Vendors  make  strides 

Firewall  makers,  such  as  Cisco 
and  Check  Point  Software,  have 
added  support  for  SIP  and  H.323 
to  their  firewalls.  Other  vendors 
including  Swedish  firm  Ingate, 
Acme  Packets  and  Jasomi,  offer 
VoIP-specific  firewalls  and  appli¬ 
ances  that  supplement  firewalls 
to  better  handle  voice.  Ingate’s 
device  supports  SIP  on  dynami¬ 
cally  allocated  ports  on  the  fire¬ 
wall,  which  lets  large  volumes  of 
calls  through  the  box,  as 
opposed  to  opening  a  specific 
port  on  a  firewall  for  VoIP  which 
could  leave  a  network  open  to 
intrusion,  the  company  says. 

Jasomi  says  its  PeerPoint  SIP- 
enabled  firewall  sits  outside  a 


regular  corporate  firewall  and 
acts  as  a  secure  proxy  for  SIP 
traffic  between  sites  connected 
over  a  nonsecure  network  (see 
diagram). 

The  Internet  Engineering  Task 
Force  is  working  on  a  proposal 
called  MidCom  that  would  stan¬ 
dardize  such  a  proxy  for  IP  voice 
traffic  that  is  separate  from  the 
firewall. 

“Voice  over  IP  on  the  Internet  is 
certainly  doable,  but  I  wouldn’t 
recommend  it,”  says  Mike  ko, 
director  of  IT  for  Experio 
Solutions,  a  consulting  firm. 
Experio  uses  VoIP  gear  from 
Shoreline  Communications  in 
the  comany’s  18  offices  around 
the  country  to  support  800 
employees.  The  distributed 
Shoreline  boxes  run  analog 
voice  to  desktops,  then  convert 
traffic  to  1R  which  can  be  run 
across  the  company’s  WAN  —  an 
IP  VPN  service  from  Qwest.  Cisco 
routers  at  the  edge  of  each  site 
prioritize  the  VoIP  traffic  before  it 
is  sent  to  Qwest,  where  the  voice 
and  data  flows  are  encrypted 
and  sent  across  the  VPN  instead 
of  the  Internet. 

While  ko  says  he  has  run  H.323- 
based  videoconferencing 
through  his  firewalls  and  over  the 
Internet  for  some  company  meet¬ 
ings,  he  says  he’ll  stick  with  his 
VPN  to  carry  everyday  voice. 

“We  had  discussions  of  possibly 
opening  ports  [on  our  firewalls] 
to  allow  voice  to  go  across  the 
Internet  ...but  there's  no  need  to,” 
ko  says,  adding  that  the  less  his 
network  is  exposed  to  the 
Internet,  the  more  secure  it  is.  ■ 
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Global  IP  Network 


The  NTT/VERIO  Global  IP  Network  employs  a  Tier  One  global  IP  backbone  covering  the 
Americas,  Asia,  Europe,  and  Australia.  Backed  by  NTT  Communications,  a  part  of  the  world's 
largest  telecommunications  group,  the  NTT/VERIO  Global  IP  Network  provides  Dedicated 
Internet  Access  with  built-in  redundancies,  and  speeds  ranging  from  T1  to  0C12  so  you 
always  get  your  data  where  and  when  you  need  it.  Designed  and  built  from  the  ground  up 
to  carry  IP  traffic,  this  Tier  One  Global  IP  Network  is  monitored  24  hours  a  day  and  365 
days  a  year  in  state-of-the-art  Network  Operations  Centers.  The  NTT/VERIO  Global  IP 
Network  also  provides  you  with  a  scalable  and  flexible  range  of  global  IPSec  VPN  solutions, 
including  Global  IP  Security  Gateway  Services.  And  behind  it  all  are  the  most  experienced 
technical  staff  and  most  aggressive  global  SLAs  in  the  industry. 

Visit  www.nttverio.com/ad  to  find  out  more  about  how  we  can  help  you  and  your  data  get 
where  you  re  going. 


Dedicated  Hosting 


Data  Centers 


Arcstar  Global  Network  Services 


NTT/VERIO 


NTT  Communications  Group  Offices  Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Belgium  •  Switzerland 
•  Italy  •  Spain  •  Korea  •  China  •  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas 

NTT  is  a  trademark  of  NIPPON  TELEGRAPH  AND  TELEPHONE  CORPORATION.  Verio  is  a  trademark  of  Verio  Inc.  Arcstar  is  a  trademark  of  NTT  Communications 
Corporation.  All  other  referenced  product  names  are  trademarks  of  their  respective  owners.  ©2002  NTT  Communications  Corporation 
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WorldCom 
trying  to 
stave  off 
bankruptcy 

■  BY  MICHAEL  MARTIN 

NEW  YORK  —  WorldCom  offi¬ 
cials  said  last  week  that  for  now 
the  carrier’s  creditors  are  not  forc¬ 
ing  the  company  to  repay  its  debt 
sooner  than  scheduled,  meaning 
the  company  will  continue  to  re¬ 
sist  filing  for  bankruptcy 

Officials  also  say  WorldCom  has 
enough  cash  to  meet  short-term 
expenses,  and  is  negotiating  to 
obtain  a  $1  billion  loan  package. 

“These  have  been  very  very  dif¬ 
ficult  times,”  CEO  John  Sidgmore 
said  at  a  press  conference. “There 
has  been  an  understandable  out¬ 
pouring  of  outrage  and  anger” 

Accounting  irregularities  un¬ 
covered  at  WorldCom  by  internal 
auditors  last  month  forced  the 
company  to  restate  its  past  earn¬ 
ings  by  almost  $4  billion. 

The  restatements  meant  that 
WorldCom  was  in  default  on 
some  of  its  loans.  The  carrier’s 
creditors  could  have  demanded 
immediate  repayment  on  those 
loans  but  have  not.  Demanding 
immediate  repayment  could 
drive  WorldCom  into  bankruptcy 

“I’m  not  going  to  stand  up  here 
and  tell  you  there’s  no  way  we’re 
going  to  end  up  in  bankrupted’ 
Sidgmore  said.“America  itself  has 
a  major  stake  in  our  survival”  be¬ 
cause  WorldCom  provides  large 
portions  of  the  country’s  Internet 
and  telecommunication  service, 
he  said. 

“WorldCom  needs  the  help  and 
the  patience  and  the  understand¬ 
ing  of  our  customers  . . .  and  the 
American  people,”  he  added. 

WorldCom  recently  revealed 
that  their  CFO  had  overstated  the 
company’s  earnings  for  2001  and 
the  first  quarter  of  2002  by  re¬ 
cording  $3.85  billion  in  expenses 
as  capital  expenditures.  Once  the 
$3.85  billion  was  properly  ac¬ 
counted  for,  WorldCom’s  profits 
in  2001  and  the  first  quarter  of 
2002  turned  into  losses. 

The  company  also  is  investigat¬ 
ing  whether  there  are  any  dis¬ 
crepancies  with  its  2000  and 
1999  financial  reports. 

Sidgmore  said  that  as  of  last 
week,  no  major  customers  had 
canceled  their  contracts. 

IDG  News  Service  contributed  to 
this  story 


Sun 

continued  from  page  1 


Rose  uses  an  array  of  Sun  servers,  including  mid¬ 
range  Sun  Fire  Serengeti  machines,  which  use  the 
64-bit  versions  of  Sun’s  UltraSPARC  III  processor  and 
Solaris  operating  system.  A  low-end  single-processor 
Serengeti  (the  Sun  Fire  3800)  with  2G  bytes  of  mem¬ 
ory  starts  at  $85,500. 

John  Groenveld,  associate  research  engineer  for 
the  Applied  Research  Lab  at  Pennsylvania  State  Uni¬ 
versity,  has  the  same  need  at  the  other  end  of  Sun’s 
product  line:  “On  high-end  [servers]  Sun’s  pricing 
and  technologies  are  competitive  with  IBM  and 
other  large  system  vendors,”  Groenveld  says.  “It’s  on 
the  low  end  that  Sun  is  particularly  vulnerable.” 

Groenveld  says  most  users  can’t  afford  expensive 
SPARC  portables  or  Sun  Blade  workstations  any¬ 
more,  and  should  be  able  to  use  Solaris  on  inexpen¬ 
sive  Intel-  or  AMD-based  PCs  and  laptops.  Whereas 
Sun’s  high-end  workstations  start  at  $1,000  and  the 
heftier  Sun  Blade  2000  starts  at  $1 1,000,  Groenveld 
says  he  can  get  the  same  performance  for  less  than 
$1,000  if  he  chooses  Intel-based  workstations. 


2  Shelve  storage  products. 

Some  customers  say  Sun’s  best  strategy 
g  for  the  storage  market  would  be  a  quick 
exit. 

“The  company  should  exit  the  disk  business  as 
fast  as  possible,"  says  Rocco  Esposito,  CTO  for  win¬ 
dow-covering  manufacturer  Hunter  Douglas  in 
Upper  Saddle  River,  N.J.“The  [company]  missed  the 
boat  that  enriched  EMC  and  others,  and  needs  to 
find  other  products  and  services  that  have  signifi¬ 
cant  margins.  Enterprise  storage  is  far  too  competi¬ 
tive  today. This  is  a  major  strategic  error  that  might 
cost  Sun  its  viability’ 

Michael  LaPorta,  senior  project  manager  for  TXU 
Energy  in  Dallas,  says  that  while  Sun’s  servers  are 
robust  enough  for  databases,  until  the  company 
started  reselling  Hitachi  storage  products  such  as 
the  StorEdge  9900,  its  storage  products  weren’t  suit¬ 
able  for  data  center  needs. 

“The  T3  [array]  could  not  offer  what  we  were 
looking  for,  although  we  have  two,”  LaPorta  says. 

Robert  Banniza,  senior  system  administrator  for  As¬ 
cension  Health  in  Evansville,  Ind., says  price  also  is  a 
problem  with  Sun  storage.  “I  would  purchase  more 
storage  from  Sun  but  Sun’s  prices  [would  have]  to 
come  more  in  line  with  everyone  else,”  he  says. 

3  Give  us  Solaris  9  on  X86. 

Sun’s  decision  to  put  on  hold  Solaris  9 
g  development  on  the  X86  processor  plat¬ 
form  might  send  customers  into  the  arms 
of  Linux  unless  the  company  reconsiders. 

“Sun  has  to  apologize  for  the  bad  will  it  caused  in 
the  customer  community  by  indefinitely  delaying 
the  X86  version  of  Solaris  9  and  more  generally 
mismanaging  and  underutilizing  X86  products 
over  the  last  several  years,”  Penn  State’s  Groenveld 
says. “If  Sun  abandons  this  community  by  not  pro¬ 
viding  them  the  Solaris  on  X86  processor  option, 
then  the  community  will  migrate  to  Windows  or 
Linux.”Groenveld  uses  a  mixture  of  Dell  FowerEdge 
servers  running  Solaris  X86  and  Sun  Ultra  servers 
for  Web  hosting  and  database  applications. 

Priceline’s  Rose  agrees.  “We’re  very  happy  with 
what  we  have  from  Sun,  but  sooner  or  later,  Linux 
comes  up  to  scale,  and  it’s  going  to  cause  Sun  a  lot 
of  heartburn,  even  though  Solaris  is  a  superb  oper¬ 
ating  system.” 


Ratchet  up  the  R&D. 

While  customers  are  generally  happy 
|  with  Solaris,  they  say  it  needs  to  be 
bulked  up. 

“We  would  like  to  have  a  better  clustering  system. 
SunCluster  is  very  painful  [to  use]  and  therefore 
costly  to  deploy?’ says  Paul  Eric  Tavil, CIO  of  an  inter¬ 
national  communications  company  in  Munich, 
Germany. 

TXU  Energy’s  LaPbrta  would  like  the  domain 
capabilities  of  Sun’s  E10000, 12000  and  15K  extend¬ 
ed  to  smaller  servers  “so  1  can  domain  an  eight- 
processor  Sun  Fire  V880  [server]  and  get  four  two- 
way  systems.” 

“The  company  has  fallen  behind  its  competition 
on  the  chip-performance  curve,”  Esposito  says.  “I’d 
like  to  see  Sun  take  a  leadership  position  again.  If 
they  fall  behind  too  far,  even  the  quality  of  Solaris 
won’t  help  them  sell  enough  hardware  to  survive.” 

Support  can  use  some  help. 

Customers  say  Sun’s  support  systems 
g  could  improve. 

“Sun  needs  to  have  better  communica¬ 
tions  about  updates,  patches,  etc.,”  LaPbrta  says. 
“They  should  be  willing  to  provide  a  proactive 
response  for  free. We  have  too  many  servers  to  keep 
up  with  the  patch  levels  and  feel  that  Sun  should 
do  something  proactively  to  assist  us  with  this.” 

He  also  says  Sun  should  keep  historical  data  on  a 
per-server  basis  for  each  customer  it  supports.This 
would  let  them  see  if  a  trend  is  forming  for  a  par¬ 
ticular  server  or  range  of  servers. 

“With  no  historical  data  for  service  calls,  trending 
is  almost  impossible,”  LaPorta  says. 

6  Simplify  the  documentation. 

Dan  Gahlinger, senior  network  engineer 
g  for  Interlynx  in  Hamilton,  Ontario,  says 
that  Sun  could  help  users  by  shipping 
operating  manuals  and  documentation  with  their 
software. 

“The  first  thing  you  do  when  installing  a  new  sys¬ 
tem  is  go  out  to  sunfreeware.com  [or  docs.sun 
.com]  and  download  a  couple  hundred  mega¬ 
bytes  of  packages,” Gahlinger  says.“Why  not  include 
some  or  most  of  this  stuff  on  companion  CDs?” 

He’d  also  like  Sun  to  put  the  GNU  Compiler 
Collection  on  a  disk  that  it  ships  with  Solaris.  “It 
took  me  over  two  hours  to  download  271 M  bytes  as 
a  TAR  file,”  he  says.  TAR  is  a  Unix  command  that 
compresses  files. 

Taller  would  be  better. 

“Sun  should  add  a  taller  [rack-mount] 
cabinet  so  I  can  place  more  hardware  in 
the  same  footprint,”  says  LaPorta,  who 
would  like  to  “at  least  get  three  Sun  Enterprise  450 
servers  in  a  cabinet.”  ■ 


■  A  photo  of  Intel’s  64-bit  processor,  Itanium,  (July 
1,  page  48)  was  incorrectly  identified  as  being  of  an 
upgraded  version  of  the  processor  that  is  expected 
to  be  released  this  week. 

■  The  story  “Microsoft  needs  help  for  security 
plan  to  fly"  (July  1,  page  1)  should  have  stated  that 
Microsoft  was  one  of  the  founding  members  of  the 
Trusted  Computing  Platform  Alliance. 
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Figure  6 


The  Microsoft'  SQL  Server”  2000/Unisys  Bl  solution  offers 
$3.2  million  in  savings  compared  with  the  Oracle/Sun  system 
over  a  five-year  period. 
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TOTAL  COST  OF  OWNERSHIP  (by  category) 
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Server  2000/ 
Unisys 

□  Sun/Qracle 


CATEGORIES 


We  discovered  that  the  current  state  of  Windows  and  Intel  solutions 
offers  considerable  savings  and  an  attractive  alternative  to  the  classic 
RISC/UNIX  solutions  for  BI  implementation. 
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Going  with  the  facts  saves  money. 

microsoft.com/sql/tco  Software  for  the  Agile  Business. 


C  2002  WMUM  Group.  Source  Walklett  Group.  published  February  2002.  ©  2002  Microsoft  Corporation  All  rights  reserved  Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries  The  names  ot  actual  companies  and  products 

mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Running  a  network  today  is  like  keeping 
tabs  on  every  bee  in  a  hive  simultaneously. 

Tough  to  do,  but  necessary.  That's  why  we 
built  the  OptiView  Network  Analysis  Solution. 

It  gives  you  full  time  vision  -  whether  you're 
out  troubleshooting  or  at  your  console  monitor¬ 
ing  the  Big  Picture.  Everything  works  together 
the  same  way.  Everytime.  It's  a  feature  rich 
scalable  tool  set  that  lets  you  analyze  all  your 
net  activity,  all  the  time.  Including  seven  layer 
decodes.  Advanced  network  discovery.  Remote 
packet  capture  capability.  Monitoring  SNMP 
devices  and  RM0N2  traffic.  Local  and  remote 
device  mapping.  And  more.  It's  the  perfection 


of  Network  Supervision. 


See  what  you've  been  missing. 

For  a  free  network  evaluation 
and  demonstration  on  your  own 
network,  call  us  at  1-800-283-5853 
(U.S.  and  Canada)  or  425-446-4519. 
Or,  go  to  www.flukenetworks.com/ 
networkanalysis 
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TCP/IP,  LAN/WAN  SWITCHES 
ROUTERS  ■  HUBS 
ACCESS  DEVICES  ■  CLIENTS 
SERVERS  ■  OPERATING  SYSTEMS 
VPNS  ■  NETWORKED  STORAGE 


What's  in  your  wiring  closet? 

New  switches  spark  debate  over  using  advanced  technologies  to  the  desktop, 


■  BY  PHIL  HOCHMUTH 


■  Asante  recently  released  the 
InterCore  3548,  a  48-port  Ethernet 
switch  with  up  to  four  copper  and/or 
fiber  Gigabit  upiinks,  aimed  at  enter¬ 
prise  wiring  closets.  The  box  features 
48  ports  of  10/100M  bit/sec  Ethernet, 
two  fixed  lOOOBase-T  copper  Gigabit 
Ethernet  ports  and  two  expansion 
slots  for  copper  or  fiber  gigabit  inter¬ 
face  converter  modules.  The  new 
Layer  2  box  supports  four  queues  of 
quality-of-service  traffic  prioritization. 
It  is  available  now  for  $1,773.  The 
GBICs  cost  $215  for  lOOOBase-T,  $350 
for  lOOOBase-SX  and  $700  for 
lOOOBase-LX.  www.asante.com 

■  IBM  last  week  bolstered  its  tape 
products  to  give  users  more  back-up 
capacity  and  improved  performance. 
IBM  TotalStorage  Enterprise 
Tape  Drive  3590  Model  H  uses  a 
new  magnetic  recording  head  that  in¬ 
creases  the  capacity  of  the  drive  by 
50%  over  older  versions  of  the  prod¬ 
uct.  An  upgraded  40G-byte  Model  B  or 
E  drive  can  record  up  to  60G  bytes  of 
data. The  3590  attaches  to  all  IBM 
servers  and  to  servers  running  HP- 
UX,  Solaris,  Windows  NT/2000  and 
Linux.  The  company  also  has  added 
Fibre  Connection  support  to  its  IBM 
Virtual  Tape  Server,  which  increases 
performance  by  as  much  as  75%  over 
fiber-base  Enterprise  Systems  Con¬ 
nection  models.  The  Virtual  Tape 
Server  attaches  to  all  zSeries  and 
pSeries  servers,  and  those  running 
Solaris,  HP-UX  or  NT/2000.  The  3590 
starts  at  $43,500  and  is  available  this 
month.  The  Virtual  Tape  Server  with 
FICON  capability  will  be  available  in 
September  for  $30,000  per  tape  chan¬ 
nel.  www.ibm.com 

■  Server  start-up  Egenera,  which 
makes  blade- based  servers  for  large 
businesses,  announced  last  week  that 
it  had  raised  $44  million  in  third-round 
financing.  The  company  manufactures 
Egenera  BladeFrame  systems,  a 
chassis-based  server  that  contains  96 
Intel-based  blade  computers  in  one 
84-inch  rack.  The  latest  funding  brings 
Egenera's  total  to  $94  million. 
www.egenera.com 


A  recent  spate  of  Layer  3  and  Layer  4 
switch  announcements  would  seem  to 
suggest  that  the  technology  is  moving  from 
the  enterprise  backbones  to  desktop  con¬ 
nections,  with  the  promise  of  better  appli¬ 
cation  performance  and  reliability  at  the 
LAN  edge. 

While  some  users  might  long  for  the  sim¬ 
ple  days  of  desktop  hubs,  there  are  benefits 
to  pushing  more  switch  intelligence  closer 
to  the  wiring  closet,  some  observers  say. 
But  some  are  skeptical, saying  the  technol¬ 
ogy  amounts  to  costly  wiring-closet  overkill 
and  unneeded  complexity 

Cisco,  Extreme  Networks  and  Foundry 
Networks  last  month  came  out  with  new 
Layer  2  gear  touted  as  “Layer  3  aware”  or 
having  “Layer  3  and  4  services.”  Vendors 
such  as  3Com,  Hewlett-Packard,  Allied  Tele- 
syn  and  Nortel  also  offer  such  devices. 
Most  switch  vendors  also  have  full  Layer  3 
gear  and  Layer  3  software  upgrades  tar¬ 
geted  for  wiring  closets. 

The  switches  in  most  vendors’  Layer  2  to 
Layer  4  LAN  edge  portfolios  break  down  as 
follows: 

•  Pure  Layer  2: The  long-standard  Ether¬ 
net  connection  for  nonrouted  networks 
that  use  media  access  control  address  to 
move  traffic. 

•  Layer  3  and  Layer  4  “aware”:  Layer  2 
switches  with  added  software  or  silicon 
that  lets  the  switch  look  into  and  make  use 
of  the  IP  address  and  TCP/User  Datagram 
Protocol  (UDP)  information  in  packets. 
This  allows  features  such  as  access  rules 
based  on  IP  addresses  or  the  application  of 
quality  of  service  (QoS)  based  on  IP  ad¬ 
dress  orTCP/UDP  port  type. 

•  Full  Layer  3  and  4:  Hardware-based 
routers  with  full  routing  and  support  for 
protocols  such  as  Open  Shortest  Path  First 
(OSPF)  and  routing  information  protocol. 
They  move  packets  based  on  TCP/IP  ad¬ 
dresses.  They  also  can  classify  traffic 
based  on  TCP/IP  information  for  QoS 
and  security  purposes,  and  use  routing 
to  increase  bandwidth  on  uplinks  (see 
graphic,  page  14). 

Some  say  full  Layer  3  switching  in  the 
wiring  closet  can  be  valuable  because  of 
the  QoS  and  security  features.  Plus  a  fully- 
routed  network  distribution  layer  can  pro¬ 
vide  increased  bandwidth  and  quicker 
failover  of  links  in  a  wiring  closet. 

Layer  2  networks  use  the  Spanning  Tree 


Protocol  (STP)  for  rerouting  traffic  around 
a  downed  link,  but  this  requires  an  unused 
uplink  connection  to  be  present  if  a  pri¬ 
mary  link  goes  down.  Wiring  closet  boxes 
can  be  “dual-homed”  to  let  two  live  Fast  or 
Gigabit  Ethernet  links  connect  to  different 
backbone  or  aggregation  switches  by 
using  Layer  3  switching  and  OSPF  This 
allows  up  to  2G  bit/sec  of  bandwidth  to  the 
switch  and  provides  almost  instantaneous 
failover  if  an  uplink  goes  silent. 

The  Layer  3  Extreme  BlackDiamond  6804 
chassis  switch  is  used  in  wiring  closets  at 
the  Appleton  School  District  in  Wisconsin, 
which  has  26  schools  connected  via  Giga¬ 
bit  Ethernet  over  fiber. 

“We’re  connecting  Layer  3  right  to  the 
desktop,”  says  Brent  Braun,  network  infra¬ 


■  BY  DENI  CONNOR 

WOODLAND  HILLS,  CALIF  —  Storage 
software  and  hardware  vendor  Nexsan 
Technologies  introduced  an  IP  storage 
bundle  last  week  that  will  let  users  access 
the  company’s  RAID  arrays  from  a  Gigabit 
Ethernet  network. 

Called  Veriture-iPthe  storage  bundle  con¬ 
sists  of  a  StoneFly  Networks  IP  storage 
(iSCSI)  appliance,  Nexsan’s  InfiniSAN 
ATAboy2  storage  arrays 
and  storage  management 
software.  It  is  designed  to 
let  small  and  midsize  busi¬ 
nesses  and  departments 
or  workgroups  within  a 
corporation  connect  their  SCSI  arrays  to 
the  Ethernet  network,  where  they  can  be 
allocated  to  any  server. 

“Customers  will  gravitate  toward  simpler 
IP-based  [storage-area  networks]  if  [ven¬ 
dors]  can  deliver  simple-to-use,  appliance 
like  storage  management  engines  that  do 
not  require  Fibre  Channel  expertise,”  says 
Steve  Duplessie, senior  analyst  at  Enterprise 
Storage  Group. 

VeritureiP  connects  to  the  Ethernet  net¬ 
work  via  the  StoneFly  appliance,  which  in 
turn  connects  to  the  company’s  InfiniSAN 
disk  array  IP  Storage  (iSCSI)  adapters  fit  in 


structure  and  security  specialist  for  the 
school  district.“We  basically  have  routers 
in  the  wiring  closet,  but  we’re  not  using  the 
[BlackDiamond]  for  routing  as  much  as 
we  are  for  Layer  4  switching.” 

Braun  uses  Layer  4-based  rules  on  the 
switches  to  allocate  bandwidth  to  certain 
applications,  such  as  voice  over  IP  and  the 
school’s  administrative  applications,  over 
other  traffic  such  as  e-mail  and  Web  surf¬ 
ing,  he  says. 

Layer  2  QoS  packet  prioritization  was  not 
adequate  for  the  Appleton  deployment, 
Braun  says.  “You  have  a  problem  if  you 
have  a  rush  of  junk  suddenly  being  sent 
over  your  pipe  [with  Layer  2  prioritization] . 
Bandwidth  utilization  at  Layer  3  and  4 
See  Switches,  page  14 


the  network  servers  and  let  them  access 
data  located  on  the  InfiniSAN  disk. 

Management  software  from  StoneFly, 
called  StoneFusion,  groups  the  data  resid¬ 
ing  on  the  geographically  separated  Infini¬ 
SAN  ATAboy2  arrays  into  a  virtual  pool  of 
data.  Once  virtualized,  the  data  on  these 
arrays  appears  to  the  network  manager  as 
a  single  logical  group  of  data,  which  can  be 
reassigned  to  individual  users  on  the  fly 

Up  to  15  InfiniSAN  arrays  can  be 


attached  to  the  SCSI  ports  of  the  StoneFly 
appliance,  allowing  the  management  of 
more  than  25  terabytes  of  data. 

Nexsan  competes  with  vendors  that  con¬ 
verge  network-attached  storage  with  Fibre 
Channel  and  direct-attached  storage.  While 
Nexsan  and  StoneFly  focus  on  small  and 
midsize  departments  in  the  corporation, 
storage  companies  such  as  EMC,  Auspex 
and  Network  Appliance  aim  their  products 
for  enterprise-size  businesses. 

The  bundle  is  available  now  starting  at 
$22,500  for  a  system  configured  with  1 .68 
terabytes  capacity  ■ 


Nexsan  introduces 
IP  storage  bundle 


Nexsan's  VeritureiP  lets  users  attach  SCSI  RAID  arrays  to  a 
Gigabit  Ethernet  network. 
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A  contemporary  version  of  the  existen¬ 
tial  credo“l  think, therefore  I  anV’must 
be  “I  run  spell  check,  therefore  I 
write.”  For,  all  too  often,  passing  a  spell 
check  is  the  best  that  can  be  said  of  some 
technical  writing. 

With  technology  after  technology  being 
piled  on  us  in  our  daily  IT  existence,  infor¬ 
mation  overload  is  so  much  a  fact  of  life 
that  it  is  rarely  mentioned.  Yet,  it  is  only 
“words”  that  let  us  deal  with  this  glut.  Good 
writing,  then,  is  a  necessity  not  a  luxury 
The  reasons  for  this  state  of  affairs  are 
manifold.  In  some  cases,  time  is  the  enemy 
A  reporter  covering  a  breaking  news  story 
is,  almost  by  definition,  rushing  copy 
through  the  pipeline,  and  some  things  just 


Words  matter 


don’t  get  caught. 

In  other  cases,  there  is  the  carefully  craft¬ 
ed  “technospeak.”Used  by  whitepaper  writ¬ 
ers,  analysts,  vendors  and  trade  journalists, 
this  formula  demands  mixing  a  copious 
amount  of  spaceappropriate  jargon  such 
that  a  casual  reader  will  be  impressed. 
Furthermore,  when  that  reader  fails  to  un¬ 
derstand  what  is  written,  he  will  assume 
himself  to  be  inadequate  to  the  task. 

Such  pieces,  of  which  there  are  many 
examples,  hearken  back  to  a  well-worn 
maxim:“If  you  can’t  dazzle  them  with  your 
brilliance,  baffle  them  with  your . .  .’’Well, 
you  get  the  picture 

In  yet  other  cases,  sloppiness  or  just  plain 
ignorance  are  to  blame.  But  examples  tell 
the  best  story  And  these  examples  are  all 
from  a  sampling  of  trade  publications  that 
came  across  my  desk  in  recent  months. 

In  a  story  updating  the  reader  on  the 
state  of  caching  technology,  a  prominent 
bullet  list  of  “benefits”  lists:  “Increase  re¬ 
sponse  times  by  pushing  content  closer  to 
end  users.” 


So  according  to  the  writer,  before  I  install 
a  cache  1  might  have,  say,  a  3-second  re¬ 
sponse  time.  After,  I  would  “increase”  my  re¬ 
sponse  time  to,  say  4  or  5  seconds.  Huh? 
Since  when  is  an  increase  in  response  time 
beneficial?  Simple  common  sense  applies 
here.  Installing  the  cache  should  decrease 
response  times. 

Another  piece  about  new  Layer  2 
Ethernet  switches  says  the  devices  “could 
help  a  small  or  enterprise  IT  shop  roll  out 
Gigabit  Ethernet  to  the  desktop  on  the 
backbone.”  1  don’t  know  about  your  com¬ 
pany,  but  I  haven’t  encountered  many  desk¬ 
tops  on  any  backbones. 

A  piece  describing  Secure  Sockets  Layer 
accelerators  noted:  “However,  SSL  encryp¬ 
tion  and  decryption  can  use  a  lot  of  pro¬ 
cessor  overhead  ...”  So  now  it  seems  we 
have  this  “thing”  in  our  processor  that  we 
call  overhead  and  we  have  to  be  careful 
not  to  use  too  much  of  it.  Nope. 

The  working  definition  of  overhead  in  IT 
is  along  the  lines  of“resource  consumed  in 
the  process  of  providing  a  service.”  Using 


www.nwfusion.com 


SSL  creates  overhead.  If  the  writer  simply 
used  “power”  or  “resource,”  that  would  have 
been  fine,  but  opting  for  the  more  technos¬ 
peak  “overhead”  got  him  into  trouble. 

The  piece  de  resistance  was,  appropri¬ 
ately,  in  a  vendor  white  paper.  Touting  the 
benefits  of  its  revolutionary  switch  man¬ 
agement  software,  the  vendor  denigrates 
the  old  way  by  comparing  it  to  “flying  a  747 
jet  with  a  sexton.” 

Well,  at  least  it  sounds  good.  A  sexton,  the 
dictionary  tells  us,  is  “a  church  worker 
whose  job  it  is  to  ring  bells  and  dig  graves.” 
Who’d  want  him  up  front  helping  out? 

Could  it  be  that  the  writer  meant  “sex¬ 
tant,”  a  tool  used  for  celestial  navigation?  I 
hope  so. 

Writers  should  be  more  careful  and, 
sadly,  so  must  readers.  After  all,  words 
matter. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Manasquan,  N.J.  He  can  be 
reached  at  ktolly@tolly.com. 


What's  in  your  closet? 

Multilayer  switching  at  the  LAN  edge  has  its  good  points  and  bad. 

Layer  3 

£ 


Pros 


•  More  traffic  shaping 
and  QoS  options 

•  More  uplink  bandwidth 
and  faster  failover 

Cons 

•  More  expensive 

•  Added  complexity  with 
more  routing  tables  and 
protocols 
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•  QoS  still  possible  with 

Layer2  802.1p  and  802.1Q 
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Cons 

•  Lower  bandwidth  to 
backbone  with  slower 
failover 

•  Might  not  support 
future  video/voice  apps 

—  Live  Gigabit  link 
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Inactive/standby  gig  link 


10/100M  bit/sec  link 


Switches 

continued  from  page  13 

allows  for  voice  to  get  a  certain  percentage 
of  the  pipe,  so  no  matter  how  much  junk 
goes  through  there,  voice  will  always  get  its 
required  amount  of  bandwidth,”  he  adds. 

Layer  4  technology  in  LANs  also  has 
caught  on  with  users.  A  recent  survey  of 
500  Network  World  readers  showed  that 
33%  of  enterprise  users  have  bought  Layer 
4  switches  while  another  13%  said  they 
will  buy  the  technology  during  the  next 
two  years. 

Some  vendors  say  their  switches  with 
Layer  3  and  Layer  4  services  are  an  alterna¬ 
tive  to  putting  routed  ports  out  to  users. 

“We  are  actively  discouraging  customers 
from  deploying  Layer  3  routing  to  users,” 
says  Maciej  Kranz, director  of  marketing  for 
Cisco’s  desktop  switching  business.  Using 
Layer  3  and  Layer  4  packet  inspection  on 
Layer  2  desktop  ports  adds  QoS  and  secu¬ 
rity  features,  and  keeps  the  deployment 
simple,  he  says. 

While  there  are  benefits  such  as  added 
security  and  quicker  routing  between  vir¬ 
tual  LANs  with  full  Layer  3,  Kranz  says  most 
deployments  he’s  seen  have  Gigabit  up¬ 
links  that  are  routed,  and  10/100Mbit/sec 
end-user  ports  running  at  Layer  2. 

One  analyst  sees  Layer  3  as  complete 
overkill  for  wiring  closets. 

“[For]  the  vast  majority  of  configuration, 
full  Layer  3  routing  in  the  wiring  closet  is 
not  necessary”  even  for  uplinks  running 
OSPF  says  Lawrence  Orans,  senior  analyst 
with  Gartner. 

“It  becomes  an  administrative  nightmare 
once  you  turn  on  Layer  3  devices,”  he  says. 
“Essentially,  you  have  more  routers  in  the 
network  and  more  routing  tables,  which 
increases  problems  and  complexity  when 
someone  has  to  troubleshoot  the  network.” 

Layer  3  technology  has  come  down  in 
price,  according  to  IDC,  with  the  average 


Layer  3  port  down  about  $  1 30  from  last  year. 
But  at  around  $430  per  connection,  Layer  3 
still  costs  more  than  three  times  as  much  as 
a  Layer  2  LAN  port.  Still,  the  research  firm 
predicts  that  by  2006, one-quarter  of  all  LAN 
switches  shipped  will  be  Layer  3, and  Layer 
3  switch  port  revenue  will  account  for  more 
than  60%  of  the  total  market. 

It  might  not  be  this  year  or  next  year,  but 
lower  prices  for  switches  and  the  develop¬ 
ment  of  bandwidth-hungry  applications 
will  cause  more  users  to  put  Layer  3  ports 
in  new  parts  of  their  networks,  another 


observer  says. 

“Inevitably,  everyone  will  have  to  be  at 
Layer  3  at  the  desktop,”  says  Martha  Young, 
research  director  at  Enterprise  Man¬ 
agement  Associates.“This  will  be  necessary 
to  support  collaborative  applications  such 
as  voice  and  video  over  IP"  ■ 

High-Speed 

Subscribe  to  our  free  newsletter. 
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Novell  seeks 
to  upgrade 
NetWare  3 
users 

■  BY  DENI  CONNOR 

PROVO,  UTAH  —  Novell  launched  a  pro¬ 
gram  last  week  that  it  hopes  will  get  10  mil¬ 
lion  users  of  its  older  NetWare  network 
operating  system  to  upgrade  to  NetWare  6. 

Called  the  NetWare  3  to  NetWare  6  Up¬ 
grade  Promotion,  the  company  will  up¬ 
grade  current  NetWare  3  users  to  NetWare 
6  at  a  discount  and  provide  upgrade  pro¬ 
tection  at  no  additional  cost. 

The  program  is  available  now  and  con¬ 
tinues  through  Oct.  31.  Customers  with  25 
concurrent  user  connections  can  upgrade 
for  $1,460;  users  with  50  connections  can 
upgrade  for  $2,190. 

NetWare  3  was  a  popular  operating  sys¬ 
tem  used  primarily  in  small  businesses  or 
as  part  of  a  much  larger  network.  Although 
Novell  stopped  selling  NetWare  3  in 
October  2000,  Novell  says  as  many  as 
300,000  servers  run  NetWare  3  worldwide. 

Novell  first  shipped  NetWare  3  in  1989; 
the  directory-based  NetWare  4  in  April 
1993  replaced  it. 

NetWare  3  is  the  last  version  of  Novell’s 
network  operating  system  that  uses  a  flat- 
file  database  manager,  called  the  bindery, 
and  is  managed  with  a  series  of  DOS- 
based  utilities. 

To  receive  the  upgrade,  companies  need 
to  buy  as  many  user  licenses  as  they  have 
concurrent  connections  and  be  members 
of  Novell’s  Volume  License  Agreement  or 
Corporate  License  Agreement  programs. 

NetWare  3  users  interested  in  the  up¬ 
grade  program  can  call  (888)  32  M272.B 
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Only  one  in  three  network  security  breaches 
gets  reported.  Maybe  you’ll  get  lucky. 


When  it  comes  to  targeted  hacker  attacks,  Trojan  horses  and  spyware  preying 
on  your  data,  the  last  thing  you  want  is  to  “read  all  about  it.”  Hackers  not  only  steal  and 
destroy  valuable  information,  they  undermine  your  customer  trust  and  brand  equity  — wounds  that  can  leave 
you  bleeding  red  ink. 

No  need  to  get  paranoid  —  get  Zone  Labs.  Our  security  solutions  maintain  your  good  reputation  and  safeguard 
critical  data  by  protecting  your  enterprise  network  from  new  and  unknown  hacker  attacks.  In  fact,  Integrity™  is 
the  distributed  firewall  solution  that  protects  data  and  productivity  by  securing  vulnerable  remote  and  mobile  PCs. 
So  whether  you  need  centrally  managed  security  or  a  stand-alone  solution,  Zone  Labs  easily  protects  your  entire 
enterprise  network.  Which  is  good  news  for  you,  bad  news  for  hackers. 

For  the  full  story,  call  us  at  1-877-876-4960  or  visit  www.zonelabs.com/hackerdefense  and  download  our 
whitepaper:  “New  Threats,  New  Solutions"  And  as  luck  would  have  it,  you’ll  find  plenty  of  information  on  all  our 
proven  enterprise  security  solutions. 

0 
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SMARTER  SECURITY 


•  Source:  2002  Computer  Crime  and  Security  Survey.  Computer  Security  Institute  and  FBI.  ©  2002  Zone  Labs.  Inc.  All  rights  reserved.  The  Zone  Labs  logo  is  a  registered  trademark  of  Zone  Labs,  Inc.  Zone  Labs  Integrity  .s  a  trademark  of 
Zone  Labs.  Inc.  Zone  Labs  Integrity  protected  under  U.S.  Patent  No.  5,987.611.  Reg.  U.S.  Pat.  &  TM  Off.  v062402 
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Experiencing  IP  Voice 

Experio  Solutions  cuts  costs  and 
management  headaches  with  nationwide 
Shoreline  IP  voice  network. 


WHEN  MIKE  SHISKO  set  OUt 
to  look  for  a  new  phone 
system  that  would  serve 
the  480  employees  in  his  company’s 
14  offices  throughout  the  United 
States,  he  did  not  have  IP  voice  in 
mind.  Shisko  is  director  of  infor¬ 
mation  technology  for  Dallas- 
based  Experio  Solutions,  an  IT  con¬ 
sulting  firm  created  by  Hitachi 
when  it  acquired  a  piece  of  a  large 
consulting  company.  After  the  sale, 
Shisko  was  essentially  given  a  clean 
slate  on  which  to  map  Experio’s 
voice  and  data  strategy. 

Shisko  already  had  significant 
experience  working  with  private 
branch  exchanges  (PBXs),  having 
held  responsibility  for  telecom  as 
well  as  data  networks  for  the  previ¬ 
ous  six  years. 

Eventually,  he  came  across  an  IP 
voice  system  from  Shoreline 
Communications.  Shisko  was  ini¬ 
tially  attracted  to  the  Shoreline3 


reduced  administration  costs  and 
savings  in  long-distance  charges 
resulting  from  shipping  calls  over 
the  Internet. 

Shisko’s  positive  experience  is 
due  in  large  part  to  Shoreline’s 
approach  to  IP  voice.  Rather  than 
try  to  retrofit  a  PBX  or  router  to 
take  on  functions  for  which  they 
were  never  intended,  Shoreline3 
was  designed  solely  to  offer  reliable 
voice  services  over  an  IP  net. 

There  are  a  couple  of  keys  to  the 
reliability  built  in  to  Shoreline3. 
First  are  the  ShoreGear  voice 
switches  that  provide  call  setup  and 
teardown  functions.  All  switching 
functions  are  performed  in  hard¬ 
ware  using  Shoreline’s  VxWorks,  a 
real-time  operating  system  similar 
to  that  used  in  pacemakers. 

“In  the  legacy  PBX  world,  five 
nines  reliability  is  a  familiar  bench¬ 
mark,”  says  Greg  Ness,  director  of 
marketing  communications  for 


Experio’s  Mike  Shisko  is  now  an  IP 
voice  believer. 


no  single  point  of  failure.  Each 
switch  also  has  its  own  connection 
to  the  PSTN  and  can  provide  dial 
tone  for  attached  end  devices,  even 
during  a  power  failure. 

The  ability  to  connect  to  the 
PSTN  was  an  important  considera- 


Experio  saves 

big  with 

Shoreline 

Per  Site  Acquisition  Costs 

Shoreline 

Legacy  PBX 

Net  Savings 

Equipment,  Network  Upgrades 

$30,000 

$60,000 

$30,000 

Installation  -  Hard  Cost 

$0 

$1,700 

$1,700 

Total  Per  Site  Acquisition  Costs 

$30,000 

$61,700 

$31,700 

Total  Acquisition  Costs  (x16) 

Annual  Costs 

$480,000 

$987,200 

$507,200 

Management 

$39,600 

$72,000 

$32,400 

Maintenance  (based  on  10.1%) 

$48,480 

$129,280 

$80,800 

Long  Distance 

$30,000 

$151,000 

$121,700 

TCO  Per  Year 

$118,080 

$352,280 

$234,200 

Total  Over  5  Years 

$1,678,200 

suite  of  IP  voice  products  because  it 
offered  a  single  point  of  adminis¬ 
tration,  a  consistent  feature  set  for 
offices  of  all  sizes,  and  easy  connec¬ 
tions  to  the  public  switched  tele¬ 
phone  network  (PSTN)  for  local 
calling  and  backup  -  all  at  a  rea¬ 
sonable  price.  Since  installing  the 
system,  he’s  also  found  it  to  be 
highly  reliable  and  even  more  cost- 
effective  than  expected,  given 


Shoreline,  referring  to  systems  that 
are .  operational  99.999%  of  the 
time.  “With  a  pacemaker,  five  nines 
isn’t  good  enough.  A  few  minutes 
of  heart  failure  per  year  isn’t  a  pos¬ 
itive  thing.” 

In  addition  to  running  on  a  high¬ 
ly  reliable  hardware  platform  and 
OS,  each  ShoreGear  switch  operates 
independently,  without  involving  a 
central  server,  which  means  there  is 


tion  for  Experio’s  Shisko.  “We 
wanted  a  local  dial  tone  in  each 
office,  and  a  lot  of  systems  made 
that  difficult  to  manage,”  he  says. 
By  contrast,  once  installed,  each 
ShoreGear  switch  instantly  finds  the 
others,  enabling  a  new  office  to  start 
benefiting  immediately  from  toll 
bypass.  And  the  Shoreline  equip¬ 
ment  typically  took  only  about  two 
hours  to  get  up  and  running. 


The  savings  to  be  realized  from 
toll  bypass  are  significant.  Whereas 
Experio  previously  paid  about 
$2,000  per  office  per  month  in 
long-distance  charges,  now  it  pays 
about  $2,000  for  all  offices  com¬ 
bined  (see  chart). 

Administration  costs  have  like¬ 
wise  dropped  dramatically,  he  says. 
As  compared  with  the  PBX  setup  in 
use  before  the  Hitachi  acquisition, 
Shisko  estimates  the  Shoreline  gear 
cuts  management  costs  by  about 
60%.  He  says  the  Web-based  admin¬ 
istrative  interface  is  simple  to  learn 
and  use,  and  configuration  changes 
can  be  delivered  at  once  to  all 
ShoreGear  switches.  Previously,  each 
PBX  change  had  to  be  administered 
separately,  a  time-consuming  process 
that  also  made  it  difficult  to  keep 
configurations  uniform  over  time. 

Hardware  acquisition  costs 
were  likewise  reasonable,  because 
ShoreGear  switches  of  all  sizes  sup¬ 
port  the  same  feature  set.  Users  can 
start  with  a  12-port  model  and  add 
capacity  as  requirements  grow. 
That’s  a  welcome  feature  for 
Experio,  which  now  has  785 
employees  in  21  offices,  barely  a 
year  after  its  initial  Shoreline 
deployment. 

Harder  to  quantify  is  the  pro¬ 
ductivity  gains  that  come  from  the 
applications  included  with  the 
Shoreline3  system.  These  include 
personalized  call  control  and  man¬ 
agement,  a  Windows  program  that 
enables  users  to  control  features 
such  as  multiparty  conferencing, 
one-click  dialing  and  screen  pops 
that  show  callers’  names.  A  Unified 
Messaging  application  is  integrated 
with  Microsoft  Outlook,  including 
the  ability  to  coordinate  call-han¬ 
dling  features  with  Outlook  calen¬ 
dars.  Another  feature,  AnyPhone, 
lets  Experio  employees  who  travel 
frequently  assign  their  extension 
and  call-handling  profile  to  any 
other  phone  in  the  network. 

“The  ability  to  have  all  your  con¬ 
tacts  available  for  dialing,  to  be  able 
to  cut  and  paste  numbers  off  Web 
sites  and  dial  them,  to  know  who’s 
calling  you  and  to  see  voicemail  in 
your  email  inbox  -people  have  fall¬ 
en  in  love  with  all  that  functionali¬ 
ty,”  Shisko  says.  “Shoreline  was  a 
good  decision  for  us.  It’s  proven  to 
be  very  cost-effective  and  flexible, 
and  it’s  done  everything  we  were 
looking  for  it  to  do.” 

For  more  information,  see 
www.goshoreline.com. 


Sigaba 

expands  e-mail 
encryption  into 
wireless  LANs 


Lessons  from  Leading  Users 


Web  service  provides  relief  for  healthcare  firm 


■  BY  ELLEN  MESSMER 

SAN  MATEO,  CALIF —  Sigaba  this  week 
will  announce  two  e-mail  security  prod¬ 
ucts  that  will  let  users  encrypt  messages 
sent  via  BlackBerry  devices  over  wireless 
LANs. 

The  first  product,  Sigaba  Secure  Messag¬ 
ing  for  BlackBerry  is  a  server-based  gate¬ 
way  that  encrypts  data  sent  from 
BlackBerry  wireless  devices.  The  second, 
Sigaba  Secure  E-Mail  for  Wireless  LANs, 
also  is  a  server-based  gateway  that  plugs 
into  802.11b  LAN  access  points,  but  it 
decrypts  messages  and  attachments.  The 
products,  starting  at  $50,000  each,  will  con¬ 
ceal  sensitive  mail,  but  deploying  them 
might  not  be  particularly  easy 

For  one  thing,  the  Sigaba  Secure 
See  Sigaba,  page  18 


■  Software  bugs  cost  $59.5  billion 

annually,  according  to  a  new  study 
commissioned  by  the  Department  of 
Commerce’s  National  Institute  of 
Standards  and  Technology.  Users  pick 
up  more  than  half  the  tab;  developers 
and  vendors  the  rest.  Most  errors  are 
not  found  until  late  in  the  development 
process  or  during  post-sale  software 
use.  NIST  says  identifying  and  remov¬ 
ing  defects  earlier  in  the  process 
could  save  $22.2  billion  annually. 

■  Software  provider  SAP  AG  will  re¬ 
sell  and  distribute  Oracle’s  Oracle9i 
Database  with  Real  Application 
Clusters  under  the  terms  of  a  three- 
year  deal.  The  companies  say  they  will 
provide  support  to  joint  customers. 
The  SAP  software  using  Oracle9i 
RAC  will  be  available  within  six 
months  for  SAP  customers  using 
Hewlett-Packard’s  HP  AlphaServer 
systems  running  Tru64  Unix,  www 
.oracle.com;  www.sap.com 
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Profile  Manager 


The  cutting  edge  in  the 
healthcare  industry  is  typi¬ 
cally  reserved  for  the  operat¬ 
ing  room,  not  the  IT  department, 
but  Erik  Sargent  is  doctoring  that 
thinking. 

The  Web  applications  architect 
for  Providence  Health  System,  a 
collection  of  hospitals,  clinics  and 
assisted-living  complexes  in  the 
Northwest,  has  rolled  out  a  Web 
service  and  plans  a  handful  more 
as  part  of  a  project  to  create  stan- 
dards-based  secure  access  to 
patients’  personal  data  and  med¬ 
ical  records.  Sargent  is  creating  a 
unified  patient  profile  without 
having  to  move  or  reformat  any 
data  in  any  of  the  nearly  200  sys¬ 
tems  Providence  runs  to  support 
its  operations. 

“Generally  what  we’re  doing 
with  Web  services  is  trying  to  accom¬ 
plish  this  gargantuan  task  of  being 
able  to  easily  access  all  of  our  different 
systems,  which  all  store  information 
about  patients  in  different  ways,” 
Sargent  says.  “When  we  have  a  health 
plan  and  hospitals  and  laboratories 
and  outpatient  clinics,  we  should  tie 
all  that  patient  data  together  into  a  sin¬ 
gle  patient  profile.” 

Sargent  says  profile  aggregation  is  not 
common  in  healthcare.“No  one  is  really 
near  where  we  are  except  possibly  one 
or  two  other  systems  in  the  country 
We’re  pretty  excited  about  it,”  he  says. 

Sargent  has  deployed  a  Web  service 
called  Profile  Manager  that  uses  XML 
and  Simple  Object  Access  Protocol 
(SOAP)  to  extract  data  from  Provi¬ 
dence’s  disparate  systems.  The  patient 
data  is  taken  in  its  native  format, 
mapped  into  an  XML  document  and 
delivered  via  SOAP  to  Profile  Manager, 
which  presents  the  data  to  the  request¬ 
ing  application. 

To  maintain  security,  applications 
never  directly  access  the  hospital’s  sys¬ 
tems.  The  application  authenticates  the 
end  user  against  a  directory  and  Profile 


Providence  Health  System  is  rolling  out  a  set  of  Web  services  to  support 
reuse  of  the  volumes  of  patient  data  it  collects  in  some  200  systems  that 
support  its  operations. 
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s  www.providence.org/events 

■  Infravio  &  Profile  Manager  Web  service 

■  LDAP  directory 

u  Amisys  insurance  records  system _ 

©  User  accesses  Providence  Health  System  Web 
site  to  register  for  community  bicycle  ride. 

©  Web  site  contacts  Infravio  Web  services 
management  middleware,  which  checks  to 
see  if  user  is  authenticated. 

©  If  not,  user  authenticates  against  LDAP 
directory  using  user  name  and  password. 


Server 


Microsoft  SQL 
Server  database 


©  Infravio  triggers  Profile  Manager  Web  service 
to  collect  authenticated  user’s  profile  stored  on 
either  an  SQL  database  or  a  legacy  insurance 
records  system  if  user  is  Providence  member. 

©  User  is  returned  registration  form  that  contains 
his  name,  address,  age  and  other  profile 
information. 


Manager  acts  as  a  broker. 

Profile  Manager  and  a  Web  services 
management  system  developed  by  soft¬ 
ware  vendor  Infravio  orchestrate  the 
entire  exchange.  Both  sit  on  a  pair  of 
Compaq  700-MHz  servers  with  1 G  byte 
of  RAM  that  run  Microsoft’s  Windows 
2000  Server  and  Internet  Information 
Server  and  load-balanced  by  a  Cisco 
Content  Services  Switch  11000,  all  of 
which  sit  on  a  100M  bit/sec  Ethernet 
backbone. 

“The  idea  is  that  we  can  take  an 
XML-based  profile  of  the  information 
that  is  in  each  system  and  take  that 
profile  back  to  our  apps  and  use  it 
directly  or  merge  it  with  other  pro¬ 
files,”  Sargent  says. 

The  standard  profiles  let  Sargent’s  Web 
developers  easily  pull  patient  data  into 
their  applications  without,  for  instance, 
having  to  know  how  to  program  against 
MUMPS, a  proprietary  manipulation  lan¬ 
guage  with  an  embedded  database 
used  to  store  patient  information. 

It  also  lets  other  Providence  develop¬ 
ers,  say  those  writing  an  internal  billing 
application,  use  Profile  Manager  to  pull 
patient  data  into  their  applications. 


“We  put  all  the  access  logic  for  each 
system  into  the  profiles,  so  the  develop¬ 
ers  just  have  to  call  the  profile  in  Profile 
Manager^  Sargent  says.  That  model  cre¬ 
ates  time-  and  cost-savings  in  develop¬ 
ing  applications  that  Sargent  has  yet  to 
calculate  fully 

It’s  a  reuse  scenario,  he  says,  that  was 
never  fully  realized  in  other  compo¬ 
nent-based  architectures  such  as  the 
Common  Object  Request  Broker 
Architecture,  Component  Object  Model 
or  Enterprise  JavaBeans. 

Before  Web  services,  Sargent  used 
enterprise  application  integration  (EA1) 
software  in  an  exhausting  attempt  to 
integrate  patient  data.  That  system  now 
has  250  interfaces.  Also,  the  perfor¬ 
mance  is  lackluster  because  EA1  is  not 
designed  as  a  query/response  system. 

So  far,  Sargent  has  built  two  modules 
for  Profile  Manager  —  Web  Site  Profile 
and  Health-Plan  Member  Profile.  The 
Web  Site  Profile  includes  personal  infor¬ 
mation  such  as  name  and  address  col¬ 
lected  from  users  of  Providence  Web 
sites  and  stored  on  a  Microsoft  SQL 
Server  2000  database.  The  Health  P  . 

See  Providence,  page  18 
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It  has  long  been  a  truism  that  the  qual¬ 
ity  of  technology  too  often  has  little  to 
do  with  marketplace  success.  VHS  vs. 
Betamax  is  the  most  commonly  cited 
example.  But  now  we  are  seeing  an  old 
factor  —  greed  —  starting  to  have  a  big¬ 
ger  impact  on  technology  selection  than 
just  marketing  and  patent  licensing 
departments. 

I’m  writing  this  column  on  the  day  that 
WorldCom  announced  it  had  found  about 
$4  billion  worth  of  expenses  that  had  not 
been  dealt  with  “according  to  generally 
accepted  accounting  principles,”  as  The 


The  technology  is  irrelevant 


Wall  Street  Journal  quaintly  put  it.  The 
Associated  Press  headline  was  not  quite  so 
quaint,  referring  to  it  as  “the  biggest  case  of 
corporate  fraud  in  U.S.  history”  That  head¬ 
line  approximates  the  headlines  over  the 
past  few  months  regarding  cable  operator 
Adelphia  Communications  and,  of  course, 
Enron.  It  also  echoes  many  smaller  head¬ 
lines  announcing  the  demise  of  one  com¬ 
pany  or  another  because  of  questionable 
business  practices. 

Each  headline  traumatizes  the  invest¬ 
ment  community  and  causes  them  to 
back  away  even  further  from  start-ups 
working  on  new  technology.  Each  time  a 
big  company  goes  bust,  the  news  hits  the 
potential  market  for  new  ideas  hard. 
Throwing  away  a  few  hundred  billion 
dollars  of  investors’  money  tends  to 
cause  them  to  retreat  and  get  that  deer- 
in-the-headlights  look.  Not  exactly  a  good 
market  for  start-ups  to  get  new  or  contin¬ 


uing  funding. 

We  had  the  Internet  bubble,  then  the 
Internet  bust,  but  we  thought  that  the  bub¬ 
ble  was  just  stupidity  or,  more  politely  put, 
“irrational  exuberance."  And  I  saw  a  bunch 
of  breathtakingly  dumb  ideas  get  funding 
during  the  period  when  it  seemed  that  ven¬ 
ture  capitalists  were  funding  anyone  who 
knew  how  to  run  PbwerFbint.  At  one  level, 
the  quality  of  technology  did  not  seem  to 
matter  much  during  those  “good  old  days.” 
When  the  inevitable  bust  came,  I  figured 
that  we,  in  the  ’Net  world,  were  just  victims 
of  our  own  inability  to  think  seriously 
about  ideas.  I  figured  our  thinking  was 
somewhat  muddled  by  all  the  money  flow¬ 
ing  around.  Lots  of  good  ideas  died  for  lack 
of  continuing  funding,  along  with  many 
ideas  that  just  might  have  been  dead  to 
begin  with. 

But  it  now  turns  out  that  some  of  this  was 
irrational  greed  instead.  When  criminal 


Secure  BlackBerries 


Sigaba  is  rolling  out  e-mail  security  products  that  will  let  users  protect 
sensitive  mail  sent  via  BlackBerry  devices  over  wireless  LANs.  Here’s  how 
it  works. 
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messaging  for  BlackBerry  gateway  has  to 
be  installed  at  the  site  of  the  BlackBerry 
wireless  service  provider’s  point  of  access. 
Bob  Cook.Sigaba’s  CEO,  acknowledges  that 
Sigaba’s  gateway  is  not  even  in  tests  at  any 
BlackBerry  wireless  service  provider. 

Secure  E-Mail  for  Wireless  LANs  encrypts 
data  sent  via  the  LAN  using  private-key 
encryption  and  decrypts  it  on  the  receiving 
end  of  another  Sigaba  wireless  LAN  server. 

The  challenge  for  any  corporation  using 
Sigaba’s  products  is  that  any  corporate 
business  partners  or  customers  must  agree 
to  use  Sigaba  software  too,  to  decrypt  the 
e-mail  they  receive. 

This  burden  is  too  great,  say  some  busi¬ 
nesses  that  nevertheless  want  to  use 
encrypted  e-mail  to  shield  sensitive  data 
sent  over  the  Internet  to  a  business  partner. 

“We're  a  180-person  law  firm  with  a 
healthcare  practice,  and  we  send  a  lot  of 
private  patient  information,"  says  Tony 
Panella,  partner  at  Wilentz,  Goldman  & 
Spitzer,  PA.,  in  Woodbridge,  NJ.  “We  feel 
we  are  bound  under  the  [the  Health 
Insurance  Portability  and  Accountability 
Act]  to  protect  patient  data.  And  every¬ 


thing  is  more  driven  by  e-mail  every  day" 
HIPAA  requires  protection  of  sensitive 
patient  data  by  those  processing  it. 

The  law  firm  looked  into  purchasing  en¬ 
crypted  messaging  software,  including  that 
from  Tumbleweed  and  Critical  Path,  but 
elected  to  use  an  e-mail  encryption  ser¬ 
vice,  which  costs  the  firm  about  $35  per 
seat,  per  year,  that  doesn’t  require  the  recip¬ 
ient  to  install  specialized  encryption  soft- 
ware.The  service,  from  Zixlt,  notifies  secure 
e-mail  recipients  that  an  encrypted  mes¬ 
sage  is  waiting  for  them,  requiring  them  to 
enter  a  password  to  retrieve  it  online  via  an 
encrypted  Secure  Sockets  Layer  link. 

One  systems  integrator,  Siemens  Health 
Services  division,  says  it  is  beta-testing 
Sigaba’s  secure  e-mail  products  and 
expects  to  offer  the  Sigaba  product  line  as 
part  of  the  technologies  it  installs  for  hos¬ 
pitals  and  physicians. 

“We  don’t  anticipate  resistance  to  it,”  says 
Jon  Zimmerman,  vice  president  of  e-health 
at  the  Siemens  division.  “And  Sigaba  also 
has  online  bill  payment  software,  called 
Statement  Delivery,  that  makes  this  even 
more  appealing.” 

Sigaba  expects  to  enlarge  its  suite  this  fall 
with  a  secure  messaging  plug-in  that  will 
run  on  Windows  CE.  ■ 
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Member  Profile  is  data  from  a  user’s 
insurance  record,  which  is  stored  on  a 
system  called  Amisys  that  runs  on  an 
HP-3000  server. 

The  profile  modules,  in  essence,  are 
XML  documents  that  describe  how  to 
access  data  from  the  host  system  and 
what  data  to  collect. 

Currently  the  profiles  are  used  with 
Providence’s  Web-based  application  for 
registering  participants  in  events  the 
hospital  sponsors,  such  as  an  upcoming 
community  bicycle  ride. 

The  Web  Site  Profile  is  used  to  auto¬ 
matically  fill  out  registration  forms  with 
name,  address  and  other  information 
previously  collected  from  users  of 
Providence  Web  sites.  It  also  can  collect 
data  from  a  new  user’s  registration  form 
to  create  a  Web  profile.  The  Health-Plan 
Profile  gives  the  same  service  to 
Providence  members,  but  also  can  be 
used  to  trigger  membership  benefits, 
such  as  registration  discounts. 

Profile  Manager  is  written  in  Java  and 
the  business  logic  contained  in  the 
modules  is  written  as  Java  servlets, 
which  Infravio  Web  services  software 
converts  to  XML  and  SOAP.  The  servlets 
run  on  an  Apache  Tomcat  servlet  engine 
installed  on  Win  2000. 

Infravio  serves  as  a  security  guard  and 
gatekeeper, letting  only  authorized  appli¬ 
cations  running  on  authorized  servers 
request  information  through  Profile 
Manager. 

For  example,  the  IP  address  of  the 
server  running  the  event  registration 
Web  site  is  authorized  to  connect  to 
Infravio.  That  kind  of  configuration 
controls  access  to  Profile  Manager  and 


www.nwfusion.com  [ 


behavior  is  involved,  it’s  harder  to  stomach 
what  is  happening  to  the  start-ups  that  were 
leading  the  way  on  the  paths  of  innovation 
that  are  key  to  our  technological  future. 

Because  we  cannot  depend  on  estab¬ 
lished  companies,  or  now  on  venture  capi¬ 
talists,  to  fund  the  longer-term  research  and 
development  start-ups  they  once  did,  we 
have  to  look  to  other  sources  of  funding  or 
be  willing  to  stagnate.  In  the  time  before 
the  boom,  federal  research  money  was  a 
key  innovation  driver,  maybe  not  as  adven¬ 
turesome  as  it  could  have  been,  but  key 
nevertheless.  It  looks  like  it’s  time  for  the 
feds  to  open  the  purse  strings  even  more. 

Disclaimer:  Harvard,  as  well  as  I,  receives 
federal  grants.  But  I  did  not  ask  the  univer¬ 
sity’s  opinion, so  you  just  get  mine. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


meets  current  Health  Insurance 
Pbrtability  and  Accountability  Act  reg¬ 
ulations,  which  requires  securing  access 
to  patient  information. 

Profile  Manager  and  Infravio  software 
run  behind  the  firewall  so  nothing  goes 
out  over  the  Internet  except  the  nuggets 
of  profile  data  that  Profile  Manager 
returns  in  the  form  of  HTML  pages. 

The  Infravio  platform  costs  about 
$50,000  and  consultants  from  the  com¬ 
pany  set  up  Profile  Manager  in  three 
weeks. 

Sargent  says  he  also  had  some  idle 
server  hardware  that  was  used  to  run 
Profile  Manager. 

Sargent  plans  to  roll  out  eight  more 
profile  modules  in  the  coming  months 
that  he  says  will  meet  90%  of  his  needs 
for  creating  a  unified  patient  profile. 

One  will  be  for  his  Logician  system, 
which  stores  medical  records  for 
Providence’s  primary  care  clinics  that 
record  everything  electronically 

“All  the  results,  lab  tests,  doctor  notes, 
prescriptions,  it’s  all  in  there,"  Sargent 
says.“By  creating  a  profile  into  Logician, 
that  is  where  we  can  start  doing  the 
online  medical  record,  online  schedul¬ 
ing  for  people,  the  whole  bit.” 

And  when  that  rolls  out,  Providence’s 
IT  department  will  have  secured  its 
place  on  the  cutting  edge.B 
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In  a  world  where  there’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 

New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  you  need  the  RealSecure*  Protection 
System.  It  dynamically  detects,  prevents  and  responds  to  an  ever-changing  spectrum  of  online  threats  to  your  business. 
RealSecure  protects  your  networks,  servers  and  desktops.  And  it  provides  powerful,  centralized  management  that's 
both  simple  and  cost-effective.  No  matter  who  you're  up  against.  Call  us  at  800-776-2362.  Or  visit  www.iss.net/nww. 
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Enterprise  endgame-*-- 


Open  Source 

Second  in  a 
two-part  series 


Is  Linux  winning  over  the  enterprise? 
Proponents  say  the  technology  can  help 
large  businesses  do  just  about  anything. 


Plus: 

Open  Source  Evolution.  Part  1 

Despite  the  hype  and  the  fears,  Linux  and  other  open  source  software 
have  made  serious  gains  in  corporate  IT  shops. 

Linux  breaking  news 

Stay  on  top  of  the  latest  Linux  news. 


Today's  third-round  matchups: 

Linux  creator  Linus  Torvalds  battles 
TeleChoice's  Christine  Heckart  and  Cisco's 
Mario  Mazzola  takes  on  Qwest's  Joe  Nacchio. 

Vote  |  Latest  results  I  Results  to  date 

Tuesday:  Heavy  voting  as  John  Chambers  edge  Lt.  Gen.  Michael 
Hayden  and  the  Russ  Holt/Randy  Groves  duo  beat  San  jay  Kumar. 

Details. 

Top  ISP  reports- - , 

Is  your  ISP  measuring  up?  Wejrank  the  top  ISPs  in  the 
buslness-to-business,  national  and  regional  categories  as  they 
compare  to  vendors  within  thj  same  market. 
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■  PRODUCTS,  SERVICES  AND  STRATEGIES 

FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


NetworkWorld 


Out  of  sight  out  of  mind 

Four  companies  share  the  tools  and  strategies  they  use  to  secure  home  offices. 


Tools  of  the  trade 

Particulars  on  the  products  and  services  these  firms  rely  on  to  secure 
corporate  home  offices. 

8  Product  Description  Benefit 

Axcelerant  Offers  broadband  provisioning 

Managed  and  VPN  management  for 

VPN  Service  remote  corporate  networks. 

Scales  well  for  large  telework 
rollouts.  Remote  network  policy 
monitoring  available. 

Check  Point  VPN-1  Software-based  VPN. 
SecureClient 

Lets  mobile  and  part-time 
teleworkers  connect  to  the 
network  from  various  locations. 

Schlumberger  i  Products  and  services  for 

DeXa  Suite  of  :  securing  remote  and  mobile 

Services  connections,  VPNs,  extranets 

i  and  smart  cards. 

Smart  card  authentication 
technology  provides  system 
and  building  security. 

SonicWall  Tele3  Security  appliance  with  two 

Trusted  Zone  physical  ports  —  one  for  the 

j  corporate  PC  and  one  for 
thehome  network. 

Segregates  corporate  PC  from 
PCs  on  the  home  network,  yet 
lets  corporate  machines  access 
home  network  resources  safely. 

■  BY  TONI  KISTNER 

Axcelerant’s  CTO  Jeff  Christy  likes  to  say, 
“We  treat  ourselves  like  customers.”  While 
the  managed  VPN  services  provider  counts 
35  Fortune  1000  companies  as  customers,  it 
also  provides  remote  access  to  its  70-plus 
employees.  As  such,  Axcelerant  knows  from 
both  angles  the  challenges  network  execu¬ 
tives  face  when  securing  remote  offices. 

Axcelerant’s  service  includes  sophisti¬ 
cated  broadband  provisioning  and  secu¬ 
rity  management  software  combined 
with  a  VPN/firewall  appliance  from  Net- 
Screen  or  SonicWall,  or  if  a  software  VPN 
is  in  place,  a  firewall  device  from  ZyXel. 

“We  can  architect  a  secure  solution,  but 
the  issue  comes  down  to  that  architecture 
staying  in  place  and  making  sure  the  home 
users  aren’t  doing  something  that  directly 
compromises  security’  Christy  says. 

Typical  misbehavior  includes  unplugging 
or  plugging  around  the  VPN  appliance,  or 
plugging  the  system  directly  into  a  broad¬ 
band  modem.  Teleworkers  often  try  to  im¬ 
prove  productivity  by  sharing  a  printer  be 
tween  their  family  machines  and  their  work 
machine.  But  Christy  has  seen  numerous  sit¬ 
uations  in  which  home  users  want  to  do 
things  they  don’t  want  the  company  to  see. 

Educating  firms  of  the  dangers  is  a  chal¬ 
lenge,  too.  “Enterprises  will  tell  us,  remote 
users  can  shut  down  the  VPN  as  long  as 
they’re  not  connected  to  the  corporate  net¬ 
work,”  he  says.  “The  trouble  is,  that  remote 
system  is  a  corporate  asset,  which  logs  onto 
specific  servers  and  intranet  pages,  and 


■  D-Link  last  week  announced  a 
small  office/home  office  Cable/DSL 
Router  for  $50  —  priced  about  $20 
less  than  competitors’  products.  The 
Express  EtherNetworkTM  Cable/DSL 
Router  packs  a  four-port  10/100  auto¬ 
negotiating  switch,  and  features  in¬ 
clude  a  network  address  translation 
firewall,  VPN  passthrough,  stateful 
packet  inspection  filtering,  content  fil¬ 
tering  and  basic  network  manage¬ 
ment.  www.dlink.com 


Windows  caches  all  those  passwords.  Once 
you  disable  the  VPN,  all  that  information  is 
now  accessible  to  hackers.” 

Two  networks  in  one 

SonicWalls  new Tele3  Trusted  Zone  (TZ) 
addresses  this  two-network  problem,  and 
makes  it  easier  for  teleworkers  to  safely 
share  peripherals  and  files  on  a  home  net¬ 
work.  The  device  includes  two  physical 
ports,  WorkPort  and  HomePort.  Typically 
you  attach  all  the  peripherals  to  HomePort, 
and  only  the  corporate  PC  to  WorkPort. 
Then  you  create  a  firewall  policy  between 
the  two  interfaces  that  lets  the  corporate 
PC  access  specific  home  devices  on 
HomeFbrt,  but  doesn’t  let  HomePort  de¬ 
vices  access  anything  on  WorkPort. 

Peter  Silvo,  corporate  services  manager  at 
storage  network  company  Network 
Appliance,  in  Sunnyvale,  Calif.,  relies  on 
Axcelerant’s  managed  VPN  service  to  con¬ 
nect  900  employees’  home  offices,  and 
recently  launched  a  small  pilot  program  of 
the  Tele3  TZ. 

“A  lot  of  people  share  the  connection 
with  a  spouse  or  a  roommate,  who  some¬ 
times  works  for  a  competitor.  But  with  the 
TZ.the  work  machine  is  protected.  If  some¬ 
body’s  kid  downloads  a  virus,  only  the  sys¬ 
tems  on  the  HomePort  get  infected.” 

Silvo’s  strategy  is  to  educate  and  trust  his 
users,  and  he  shores  things  up  so  if  some¬ 
thing  happens  he  can  catch  it  right  away 

Double-edged  sword 

The  network  director  of  a  large  software 
company  in  Silicon  Valley  (who  requested 
anonymity)  credits  much  of  his  company’s 
success  on  its  ability  to  hire  talent  from  all 
over  the  world.  While  he,  too,  contracted 
with  Axcelerant  to  manage  his  company’s 
VPN,  he  still  found  managing  remote  work¬ 
ers  troublesome. 

Although  out  of  sight,  remote  users  were 
always  on  his  mind.“lf  an  employee  and  his 
spouse  are  hooking  their  computers 
together,  we  could  be  hooking  ourselves 
up  with  a  competitor  and  we  don’t  have  a 
lot  of  control  over  that.  Even  though  we 
wrote  policies  and  tried  to  educate  people, 
we  just  don’t  have  a  lot  of  control  over  that 
kind  of  behavior 

This  network  director  detected  a  lot  of 
deviant  behavior  by  watching  network  traf¬ 
fic,  spam  and  e-mail  from  unknown 
sources,  but  the  job  was  difficult  and  time- 
consuming.  So  when  Axcelerant  finished 


the  beta-test  cycle  of  its  new  remote  secu¬ 
rity  policy-monitoring  program,  Scout,  his 
company  began  a  large  pilot  program. 

The  Scout  agent  sits  on  the  remote  user’s 
PC  and  sends  an  alert  to  the  network  if  that 
machine  deviates  from  its  security  policy 
Scout  can  send  the  administrator  an  e-mail 
or  Axcelerant  can  disable  the  VPN  tunnel. 

“My  security  team’s  given  it  the  thumbs 
up,”  the  network  director  says.’Anyone  log¬ 
ging  in  remotely  will  have  SecurelD  and 
the  Scout  agent  running  on  the  system.” 

Oil  and  water 

For  many  companies,  the  combination  of 
Axcelerant’s  managed  VPN  service, 
SonicWall  Tele3  TZ  and  Scout  Agent  might 
seem  sufficient,  even  overkill  for  some.  But 
Schlumberger  Network  &  Infrastructure 
Solutions,  a  75-year  old  multinational  infor¬ 
mation  services  firm,  has  taken  a  different 
approach.  Because  much  of  the  company’s 
work  is  in  oil  field  services,  5,000  employ¬ 
ees  are  nomads,  working  for  long  stretches 
on  oil  rigs  in  remote  places. 

“By  1982,  we’d  mapped  80%  of  the  world’s 
well  sites,  proprietary  data  we’ve  kept 
secure  for  our  customers.  We’ve  done  it 
with  our  road  warriors,  whom  we’ve  had  to 
keep  linked  to  our  [research  and  develop¬ 
ment]  groups  in  metropolitan  areas,”  says 
Kosta  Gioukaris,  business  development 
manager  for  Schlumberger. 

The  challenge  for  Schlumberger  was  how 


to  grant  road  warriors  access  to  e-mail, 
applications  and  time  sheets  while  on  oil 
rigs  or  traveling.  The  company  developed 
its  own  connectivity  products,  the  DeXa 
Suite  of  Services.  Today,  Schlumberger 
nomads  use  a  variety  of  remote  access 
technologies,  including  the  company’s 
DeXa.Net  VPN  services,  DeXa.Badge  smart 
card  certificate  authentication  product, 
and  Check  Point  Software’s  VPN-1  Secure- 
Client.  Some  remote  workers  access  server- 
based  applications  using  products  from 
Neoteris, Tarantella  or  i-Planet. 

Schlumberger’s  security  is  based  on  three 
policies:  All  applications  are  kept  on  the 
corporate  servers;  mandatory  use  of  smart 
cards  to  access  all  PCs,  buildings  and 
floors;  and  certificate  authentication  chal¬ 
lenges  at  15-minute  intervals. 

Gioukaris  has  little  concern  for  home 
office  security.  “The  moment  you  pull  the 
smart  card  from  the  reader,  the  PC  no 
longer  has  any  access  to  company  services. 
Then  employees  can  use  the  broadband 
connection  for  anything  they  want, "he  says. 

While  workers  are  generally  accepting  of 
the  policies,  Gioukaris  says  they’ve  asked  to 
store  their  password  onto  a  PC  so  they 
wouldn’t  have  to  type  in  their  username 
and  password  so  frequently.  “But  we’ve 
enforced  it  rather  stringently  he  says. 

A  Schlumberger  employee  adds, “It  can 
be  distracting  at  first,  but  one  gets  used 
to  it.”  ■ 
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Everybody  looks  good  on  paper.  Want  to  know  what’s  really  going  to 
perform  in  your  environment?  Use  your  test  lab.  For  eval  copies  of  our  products, 
visit  our  Web  site  or  call  toll-free. Then  check  out  www.aelita.com/testlab  for  a 
free  guide  you  can  use  to  conduct  a  competitive  evaluation  in  your  lab. 
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Slam  Dunk  aims  to  assure  e-delivery 


■  BY  TIM  GREENE 

REDWOOD  CITY  CALIF  —  Sometimes 
online  transactions  just  have  to  get  there  — 
absolutely  positively  guaranteed  —  and 
that’s  what  Slam  Dunk  Networks  promises. 

The  electronic-trading  service  provider 
blends  Internet  access  with  its  own  fiber 
backbone  and  security  gear  to  transport 
critical  business  communications  and 
generate  electronic  receipts  that  confirm 
the  data  has  arrived  sately 

Aiming  its  services  mainly  at  financial 
institutions  doing  business-to-business 
trading,  Slam  Dunk  lets  customers  inex¬ 
pensively  extend  online  trades  to  sites  that 
otherwise  might  not  warrant  a  connection 
with  a  leased-line  or  frame  relay  trading 
network. 

“This  could  allow  larger  firms  who  man¬ 
age  hundreds  of  connections  to  get  to 
people  in  other  geographies  where  the 
cost  of  leased  circuits  is  too  high  to  be  a 
cost-effective  way  of  connecting  to  a  stan¬ 


dard  trading  network,” says  John  Treadway 
vice  president  of  marketing  and  business 
development  for  Financial  Fusion,  an  IT 
provider  for  banks  and  securities  compa¬ 
nies.  The  Concord,  Mass.,  company  offers 
Slam  Dunk  services  as  part  of  its  secure 
trading  offerings. 

Venture  Industries, a  $2.5  billion  supplier 
of  plastic  car  parts  in  Fraser,  Mich.,  uses 
Slam  Dunk  to  move  financial  data,  orders 
and  confirmations  between  its  suppliers 
and  its  headquarters  in  Europe,  according 
to  A1  Young,  executive  assistant  to  the 
chairman  of  Venture  Industries. 

He  says  the  Slam  Dunk  service  costs 
75%  less  than  Venture  paid  to  outsource 
electronic  delivery  of  this  data  to  a 
provider  he  declined  to  name.  That 
amounts  to  millions  of  dollars  peryear.“It’s 
cheap,  and  so  far  it’s  been  perfect  [for 
delivering  files],”  Young  says. 

To  connect  to  the  Slam  Dunk  service, 
sites  must  have  an  Internet  link  and  a 
See  Slam  Dunk,  page25 


Secure  confirmed 
transactions  online 


Slam  Dunk  Networks  uses  the  Internet 
in  combination  with  its  own  network  to 
transport  messages  securely  with 
guaranteed  delivery. 


OEnd  user  PC  sends  a  trasaction 
through  a  Slam  Dunk  adapter 
that  encrypts  it,  seals  it  in  an 
XML  envelope  and  forwards 
copies  via  SSL  connections  to 
multiple  "hoops,"  which  are 
Internet-connected  servers 
placed  in  20  locations  worldwide. 


1 

01 

End  user 


e  The  hoops  tap  online  Slam  Dunk  data  stores  for  routing  information 
and  to  store  a  copy  of  the  transation.  The  hoops  attempt  to  establish 
SSL  links  to  the  destination  adapter,  and  the  first  successful  link  is 
used  to  deliver  the  transaction  while  the  other  attempts  are  rejected. 
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Slam  Dunk  network 


©The  destination  adapter  confirms 
receipt  of  the  transaction  and 
stores  a  record  in  the  data  stores 
where  users  can  view  it  via  a  portal. 


IBM  service  slices  up  Linux  mainframe 


■  BY  JENNIFER  MEARS 


■  A  recent  IDC  survey  found  that 
only  5%  of  respondents  plan  to  in¬ 
crease  their  purchase  of  hosting  ser¬ 
vices.  That  likely  means  future  service 
provider  spending  will  be  focused  on 
new  services  such  as  managed  stor¬ 
age  or  application  management,  IDC 
says.  The  findings  are  from  a  January 
survey  of  IT  managers  regarding  their 
use  of  services,  which  include  applica¬ 
tion  management,  storage,  content 
delivery  and  Web  hosting  services. 

■  Verizon  late  last  month  filed  a  long¬ 
distance  application  for  Delaware 
with  the  Federal  Communications 
Commission.  Verizon  already  has 
been  approved  to  offer  long-distance 
voice  and  data  services  in  eight  states 
where  it  is  the  dominant  local  carrier. 
Under  the  Telecommunications  Act  of 
1996,  incumbent  local  carriers  must 
prove  they  have  opened  their  net¬ 
works  to  competitors  before  they  are 
allowed  to  offer  long-distance. 


ARMONK,  N.Y  —  IBM  is  stepping  up  its 
push  to  provide  e-business  services  on 
demand  and  has  introduced  an  offering 
that  gives  customers  access  to  computing 
resources  on  a  pay-as-you-go  basis. 

Linux  Virtual  Services,  introduced  last 
week,  give  customers  running  Linux  appli¬ 
cations  access  to  a  “virtual  server,”  which  is 
a  portion  of  an  IBM  zSeries  mainframe. 
IBM  partitions  the  processing,  storage  and 
network  capacity  on  the  mainframe  for 
each  customer,  letting  it  scale  resources  as 
needed,  while  providing  the  same  security 
offered  by  a  dedicated  server, says  Warrant 
Hart,  director  of  e-business  on  demand  for 
IBM  Global  Services. 

“If  you  think  about  the  evolution  we’ve 
seen,  it  started  with  people  having  their 
own  data  centers,  they  started  using  ser¬ 
vice  providers.  They  started  using  hosting 
centers,  and  all  of  a  sudden  they  were 
sharing  the  bandwidth,  then  sharing  a 
switch  [and]  maybe  sharing  a  firewall. 
Now  they’re  sharing  a  server.  But  from  the 
user’s  perspective,  it’s  a  dedicated,  unique 
machine,”  Hart  says. 

He  says  customers,  while  sharing  a  main¬ 


frame  box,  do  not  share  applications,  pro¬ 
grams  or  files. 

“If  you  have  a  virtual  server  and  you’re 
running  Oracle  or  you’re  running  DB2  as 
your  database  and  someone  else  on  that 
same  utility  platform  is  running  Oracle  or 
running  DB2,  you’re  each  running  your 
own  copies,”  he  says.  “There  is  no  data 
sharing,  no  file  sharing,  no  questions  on 
integrity’ 

IBM  monitors  and  manages  zSeries  main¬ 
frames  in  its  hosting  centers,  and  additional 
virtual  servers  can  be  provisioned  in  min¬ 
utes,  the  company  says.  IBM  provides  appli¬ 
cation-porting  services  to  Linux  for  cus¬ 
tomers  running  non-Linux  platforms. 

Linux  Virtual  Services  customers  also 
have  access  to  storage  on  demand  and 
network  capacity  on  demand. 

The  virtual  services  are  priced  using  ser¬ 
vice  units,  which  cost  about  $300  per 
month  and  are  a  measure  of  capacity  Hart 
says  the  service  unit  includes  a  portion  of 
the  mainframe,  a  portion  of  the  software 
license  for  the  Linux  operating  system,  a 
portion  of  the  management  of  the  operat¬ 
ing  environment  and  a  portion  of  the  data 
center  floor  space  and  power. 

Customers  buy  a  number  of  service 


units  depending  on  their  average  demand 
during  a  24-hour  period,  rather  than  buy¬ 
ing  capacity  to  handle  peak  loads,  as  cus¬ 
tomers  must  do  when  buying  dedicated 
hardware,  Hart  says.  That’s  where  compa¬ 
nies  stand  to  realize  the  biggest  cost  sav¬ 
ings,  analysts  say 

“There’s  a  lot  of  wasted  capacity  out 
there,”  says  David  Tapper,  an  IDC  analyst. 
“And  you’re  paying  for  it.  If  it  just  sits  idle, 
you’re  still  paying  for  it.  So  customers 
should  expect  some  serious  cost  savings.” 

At  the  same  time, Tapper  says  IBM  needs 
to  educate  customers  about  how  the  ser¬ 
vice  can  provide  real  benefits.  In  today’s 
economy  businesses  remain  wary  about 
trying  untested  services,  he  says. 

“The  customer  is  likely  wondering, 
‘Where  do  I  apply  it  to  my  business?  Is  it 
safe?  Really  show  me  that  I’m  going  to 
save  money  and  that  I’m  going  to  drive 
business  on  it,  too,’”  he  says. 

Still,  there  is  a  trend  among  service 
providers  to  offer  such  computing-on- 
demand.  Hewlett-Packard  offers  usage- 
based  pricing  for  its  servers  and,  along 
with  Sun  and  IBM,  sells  grid  computing  as 
a  way  to  get  more  out  of  computer 
resources.  ■ 
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It's  time  to  establish  secure  links  to  any  user,  anywhere.  With  Cisco  VPN 
solutions,  you  can  add  network  flexibility  while  reducing  costs  —  enabling  you 
to  safely  utilize  the  Internet  for  your  business-critical  applications.  With  Cisco 
AVVID  enterprise  architecture,  you  can  do  all  this  without  any  disruption. This 
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standardized  enterprise  architecture  allows  you  to  seamlessly  integrate  voice,  video,  wireless,  and  data  applications  on 
a  single,  scalable  network.  This  includes  new  and  existing  technologies  alike.  Whether  you're  building  your  enterprise 
network  or  extending  it  with  Cisco  Powered  Network  services,  take  advantage  of  the  tools  below  to  get  it  done  right. 
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Customers  who  are  contemplating 
signing  with  a  carrier  in  financial  dis¬ 
tress  should  assess  the  problems  that 
may  arise  in  the  event  that  distress  wors¬ 
ens,  especially  if  intending  to  rely  on  that 
carrier  for  primary  coverage  for  critical 
applications. 

At  his  time, no  one  really  knows  what  will 
happen  to  such  providers,  except  that  they 
all  will  go  through  difficult  periods  during 
which  it  will  be  hard  for  senior  manage¬ 
ment  to  focus  on  network  and  customer 
support  quality  while  tending  to  financial 
crises.Thus,  it  is  prudent  to  consider  worst- 
case  scenarios  and  change  plans. 

Providers  that  face  financial  difficulty 
must  decide  what  lines  of  business  to  try  to 
grow,  sell,  close  or  hold.  Customers  must 
factor  this  into  their  evaluation  of  current 
and  potential  primary  and  secondary 
providers. 

Neither  Qwest  nor  WorldCom  has  laid 
out  very  specific  plans  as  to  their  future 
product  and  service  makeups.  In  such 
instances,  customers  should  refrain  from 
new  or  expanded  commitments  until 
providers  make  their  plans  known. 
Because  even  the  most  well-intentioned 
plans  can  change,  customers  should  not 
make  significant  commitments  until  there 
is  tangible  evidence  that  implementation 
is  under  way. 

Customers  cannot  assume  that  carriers 
facing  financial  difficulty  will  provide  them 


Slam  Dunk 

continued  from  page  23 

server  equipped  with  Slam  Dunk  software 
called  Adapter. 

Customer  machines  connect  to  Slam 
Dunks  network  through  the  adapter  using 
Secure  Sockets  Layer  links  over  the 
Internet.  Their  traffic  is  transported  over 
Slam  Dunk’s  leased  fiber  network  and 
delivered  to  destination  sites  via  the  Inter¬ 
net,  leased  line  or  frame  relay  connections. 

Slam  Dunk  adapter  servers  at  customer 
sites  encrypt  and  copy  data  to  two 
Internet-connected  Slam  Dunk  servers 
called  hoops,  which  copy  the  data  and 
store  it  to  a  database  as  backup. There  are 
20  hoops  worldwide. 

The  two  hoops  involved  in  a  transaction 
attempt  to  make  secure  links  to  a  destina¬ 
tion  adapter  server,  which  accepts  the  first 
connection  request  and  drops  the  other. 
The  data  is  sent,  and  the  destination  adap¬ 
ter  logs  receipt  of  the  transaction  with  a 
Slam  Dunk  database.  Customers  can  track 
their  transactions  through  personal  portals 
to  confirm  they  have  been  received. 

All  traffic  consists  of  file  transfers, with  the 
maximum  file  size  of  500M  bytes. The  only 


Those  using  beleaguered  carriers  need  to  prepare 


with  a  long  window  to  migrate  to  other  ser¬ 
vices  or  providers  before  they  discontinue 
supporting  a  service  that  is  slated  for  ter¬ 
mination.  Realistically, it  may  only  be  a  mat¬ 
ter  of  weeks  —  in  the  case  of  some  ISPs 
that  recently  have  discontinued  opera¬ 
tions,  it  was  a  matter  of  days. 

Enterprise  network  contingency  plan¬ 
ning  is  essential. 

Although  recent  news  about  WorldCom 
is  stunning,  virtually  the  entire  industry  has 
been  and  will  continue  to  be  in  turmoil 
throughout  this  year,  and  the  ill  effects  will 
last  well  into  2004.  There  is  no  absolutely 
safe  ground,  no  sure  bets.  All  customers 
should  diversify  risk  by  diversifying  carri¬ 
ers.  Large  customers  —  those  spending 
more  than  $10  million  annually  —  should 
split  traffic  between  multiple  Tier-1  facili- 
ties-based  providers.  Smaller  customers 
should  employ  a  second  Tier-1  facilities- 
based  provider  to  back  up  critical  applica¬ 
tions  or  routes. 

Keep  contract  term  lengths  short;  for 
example,  for  transport  services,  no  longer 
than  two  years.  Consider  even  shorter  con¬ 
tracts  —  a  year  or  less  —  with  providers 
facing  great  challenges.  In  such  instances, 
clients  might  find  they  can  negotiate  good 
prices  on  highly  competitive  services  with¬ 
out  making  any  term  commitments. 

Review  all  contract  terms  and  conditions 
with  company  attorneys,  both  contracts 
currently  in  effect  and  also  any  under  con¬ 
sideration.  Look  at  the  language  around 
early  termination  clauses  to  determine  if 
there  are  provisions  for  either  party’s  bank¬ 
ruptcy  or  poor  performance  (network  and 
customer  support).  Work  on  revising  con¬ 
tacts  to  ensure  these  events  are  covered. 

Very  large  companies  supported  by  ded¬ 


devices  the  adapters  will  talk  to  are  hoops, 
and  the  adapters  and  hoops  authenticate 
to  each  other  using  digital  certificates. 

Young  says  he  is  encouraging  others  in 
the  auto  supply  industry  to  adopt  Slam 
Dunk  to  send  just-in-time  orders  as  op¬ 
posed  to  the  ANX,  the  automotive  indus¬ 
try’s  VPN  cooperative.  “It’s  cheaper  than 
value-added  networks,  and  there’s  no  up¬ 
front  investment,”  Young  says.  Venture 
Industries  pays  for  a  block  of  data  ahead  of 
time  and  uses  it  like  you  would  use  min¬ 
utes  on  a  prepaid  phone  card. 

Treadway  says  Slam  Dunk  overcomes  the 
security  and  reliability  concerns  that  finan¬ 
cial  institutions  have  about  the  Internet. 
“This  removes  the  objections  to  using  the 
Internet  as  a  way  to  conduct  trading 
among  partners,”  he  says. 

He  says  nearly  all  financial-trading  sites 
have  Internet  connections  that  the  Slam 
Dunk  service  can  ride  on, so  using  the  ser¬ 
vice  requires  no  additional  access  line.This 
saves  the  cost  of  the  extra  line  and  elimi¬ 
nates  installation  time. 

Slam  Dunk  costs  about  a  penny  per  kilo¬ 
byte  based  on  the  amount  of  data  sent. 
Provisioning  the  service  costs  a  one-time 
fee  of  $500  to  $1 ,000  per  site.  ■ 


icated  provider  personnel  should  have 
contingency  plans  that  include  the  option 
of  bringing  those  key  employees  on  to  your 
company’s  payroll.  Affected  customers 
should  review  current  contracts  and 


ensure  such  provisions  are  in  place. 

Pierce  is  a  research  fellow  at  Giga  Infor¬ 
mation  Group.  She  can  be  reached  at 
!pierce@gigaweb.  com. 
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■  SERVICE  PROVIDER  DEVELOPMENTS 
AT  THE  JUNCTURE  BETWEEN  THE  ENTERPRISE 
AND  THE  NEW  PUBLIC  NETWORK 


Cisco  addresses  storage  aggregation 

Company  unveils  metropolitan  DWDM  system  for  SAN  applications. 


■  BY  JIM  DUFFY 

SAN  JOSE  —  Cisco  recently  unveiled  a 
metropolitan-area  network  platform  that 
lets  users  aggregate  up  to  40  data  connec¬ 
tions  over  a  single  wavelength. 

The  system,  called  the  ONS  15530,  is  a 
dense  wavelength  division  multiplexer 
(DWDM)  optimized  for  storage-area  net¬ 
work  (SAN)  applications.  It  can  multiplex 
up  to  40  Enterprise  Systems  Connection 
(ESCON)  channels  over  one  10G  bit/sec 
wavelength. 

Alternatively,  users  would  have  to  dedi¬ 
cate  a  separate  wavelength  for  each 
ESCON  channel.  But  a  single  ESCON  chan- 


■  IBM  recently  announced  an 
alliance  with  Narad  Networks  to 
develop  an  architecture  designed  to 
let  cable  companies  more  easily  and 
cost-effectively  provision  services  to 
companies.  Narad  will  develop  and 
deploy  a  delivery  platform  that  lets  IT 
services  be  delivered  at  speeds  of  up 
to  100M  bit/sec  over  existing  cable 
lines,  which  is  20  to  50  times  faster 
than  current  speeds.  The  platform  will 
combine  IBM's  "device  to  back-end 
infrastructure  for  e-business”  with 
Narad’s  service  delivery  software  and 
broadband  access  technology. 

■  Edge  Wireless  has  awarded 
Nortel  a  three-year,  $18.5  million  con¬ 
tract  for  3G  wireless  equipment. 

Nortel  will  supply  Edge  with  GSM  and 
General  Packet  Radio  Service  wire¬ 
less  infrastructure  upgrades  for  its 
Time  Division  Multiple  Access  net¬ 
works  in  the  western  U.S.  and  will 
deploy  GSM  and  GPRS  radio  access 
and  core-switching  equipment  for 
Edge  in  California,  Oregon,  Idaho  and 
Wyoming.  Nortel  also  will  deploy  its 
Shasta  5000  Broadband  Services 
Node  and  Passport  Multiservice 
Switches  for  Edge,  for  subscriber 
management  and  Layer  2/Layer  3  data 
switching,  respectively. 


nel  operates  at  200M  bit/sec,  which  would 
use  less  than  2%  of  the  available  bandwidth 
in  a  10G  bit/sec  wavelength. 

ONS  15530  also  supports  SONET/SDH, 
ATM  and  Fiber  Connection  network  and 
storage  applications.  In  future  releases,  the 
ONS  15530  will  aggregate  multiple  higher- 
speed  network  and  storage  services,  such 
as  Gigabit  Ethernet  and  Fibre  Channel, over 
individual  wavelengths,  Cisco  says. 

Cisco  also  is  looking  to  multiplex  differ¬ 
ent  types  of  services  onto  a  single  wave¬ 
length,  says  Dave  Lively  senior  manager  of 
optical  strategy  at  Cisco. 

With  the  SAN  service  aggregation  capa¬ 
bilities  of  the  ONS  15530,  Cisco  is  playing 
catch-up  to  ONI  Systems  —  which  Ciena  re¬ 
cently  acquired  —  and  Nortel.  Cisco  is  the 
No.  4  vendor  in  metropolitan  DWDM  be¬ 
hind  Ciena/ONI,  Nortel  and  Sorrento  Net¬ 
works,  according  to  Dell’Oro  Group  (see 
graphic,  right). 

But  the  ONS  15530  is  only  the  first  step, 
analysts  say;  Cisco  still  has  a  long  way  to  go. 

“Ciscos  been  a  bit  lacking  with  regard  to 
service  aggregation,”  says  Dave  Dunphy, 
senior  analyst  for  optical  infrastructure  at 
Current  Analysis.  “ONI  and  Nortel  were  all 
over  that.  Cisco  is  now  responding  to  the 
hotter  opportunity  [in  metropolitan  opti¬ 


cal]  that’s  expected  to  drive  wavelength 
services  in  the  metro.” 

But  ESCON  support  alone  does  not  go  far 
enough,  Dunphy  adds. 

“ESCON  is  not  nearly  as  prevalent  as 
Fibre  Channel,”  he  says.  “But  they  don’t 
have  a  time  frame  yet  for  Fibre  Channel  or 
Gigabit  Ethernet. So  this  is  not  going  to  flip 
the  charts  in  market  share  or  short-term 
revenue.” 

As  a  result,  Dunphy  considers  the  ONS 
15530  an  early-phase  statement  of  direction 
for  Cisco. 

Deb  Mielke, principal  atTreillage  Network 
Strategies, says  ESCON-only  support  is  just  a 
short-term  shortcoming. 

“Cisco’s  filling  out  its  portfolio  incremen¬ 
tally]’ she  says.“Feople  need  to  see  how  SANs 
work  in  a  highly  dispersed  environment”  be¬ 
fore  incorporating  all  features. 

The  ONS  15530  supports  up  to  32  2.5G 
bit/sec  or  10G  bit/sec  wavelengths  on  a  sin¬ 
gle  fiber  pair. 

Other  DWDM  features  include  a  so-called 
Optical  Supervisory  Channel,  used  for  man¬ 
agement  and  performance  monitoring, 
and  four-channel  Optical  Add/Drop 
Multiplexer  modules,  which  let  the  systems 
be  configured  in  point-to-point,  ring  or 
meshed  network  topologies. 


^Playing  catch-up 

Cisco  has  its  work  cut  out 
for  it  in  metro  DWDM. 

2001  worldwide  metro  DWDM  revenue 


■  Nortel:  41.8% 

B  ONI:  27.7% 

Ciena:  17.1% 

Sorrento:  5.3% 

Cisco:  2.3% 

Based  on  total  of  $698.2  million 

SOURCE:  DEU'ORO  GROUP 


ADVA:  2.2% 
Lucent:  0.9% 
Alcatel:  0.1% 
Others:  2.6% 


Cisco  says  it  is  conducting  joint-testing  of 
the  system  with  IBM  in  IBM’s  server  and  stor¬ 
age  environments.The  testing  is  expected  to 
be  completed  within  the  next  quarter. 

The  base  ONS  15530  system  is  list  priced 
at  $54,000.  It  is  available  now  and  is  cur¬ 
rently  in  fewer  than  10  trials,  Lively  says.  ■ 


Kagoor  gear  manages  VoIP  traffic 


■  BY  JIM  DUFFY 

SAN  MATEO,  CALIF  —  Kagoor  Networks 
last  week  announced  several  new  and  en¬ 
hanced  voice-over-lP  traffic-management 
products  and  applications  aimed  at  facili¬ 
tating  enterprise-to-carrierVoIP  networking. 

The  new  offerings  address  security;  net¬ 
work  address  translation  (NAT);  VoIP  fire¬ 
wall  and  firewall  traversal;  service-level 
agreement  (SLA)  reporting;  and  monitor¬ 
ing,  remote  management  and  configura¬ 
tion  ofVoIP  endpoints.The  products  extend 
Kagoor’s  VoiceFlow  traffic  processing  and 
management  line,  which  supports  major 
VoIP  protocols  —  Session  Initiation  Pro¬ 
tocol,  H.323,  Media  Gateway  Control  Proto¬ 
col  and  MegaCo  —  and  is  compatible  to 
popular  VoIP  network  and  endpoint  equip¬ 
ment,  the  company  says. 

The  applications  and  products  are: 

•  Extensions  to  VoiceFlow  traffic-engi¬ 


neering  and  aggregation  devices  to  address 
security,  management  and  quality-of-ser- 
vice  (QoS)  at  the  enterprise  and  carrier 
demarcation  point. 

•  Firewall/NAT,  call  admission  control, 
advanced  call/services  support  and  SLA 
monitoring  applications. 

•  A  network-based  IP  Centrex  deploy¬ 
ment  application  that  eliminates  the  need 
for  customer  premises  equipment. 

•  Two  VoiceFlow  products:  the  VoiceFlow 
200,  a  low-end  enterprise  product  for  small 
and  midsize  businesses;  and  the  VoiceFlow 


More  online! 

See  what  steps  you  can 
take  to  limit  VoIP  security 
snafus. 
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3000,  a  high-end,  Gigabit  Ethernet-based 
traffic-management  system  for  service 
providers  and  carriers  addressing  the  small 
office/home  office  and  residential  markets. 

Kagoor  found  that  the  overriding  chal¬ 
lenges  of  carriers  about  enterprise-to-carr- 
ier  VoIP  peering  and  demarcation  have 
been  with  functionality  gaps  in  QoS  assur¬ 
ance;  NAT;  admission  control  and  SLA 
reporting;  and  the  prohibitive  cost  and 
complexity  of  VoIP  deployments. 

Solving  these  demarcation  issues  lets 
service  providers/carriers  interconnect 
public  VoIP  networks  with  private  VoIP 
enterprise  networks,  the  company  says. 

Kagoor  rolled  out  its  first  VoIP  traffic 
manager,  the  VoiceFlow  1000,  in  June  2001. 
Carrier  ITXC  has  deployed  this  product 
with  a  number  of  its  affiliates  and  Kagoor 
says  the  carrier  is  realizing  more  than  50% 
bandwidth  savings  and  longer  call-hold 
ing  times  for  VoIP  calls.B 


This  new  webcast 

is  ready 

when  f  OU  are. 


"Optical  Networking  Solutions  for 
the  Enterprise"  webcast  topics: 

0  Why  Enterprises  are  choosing 
optical  networking 


Watch  this  webcast  today  and  hear  why  today's  leading 
enterprises  are  choosing  optical  networking  to  extend  their 
existing  network  infrastructure. 

Join  Mark  Gibbs,  Technology  Expert  and  Columnist  for  Network  World,  as  he  brings 
together  experts  from  Infonetics  Research,  Cisco  Systems,  Datek  and  Pinnacle  West 
to  explore  the  world  of  optical  networking.  Discover  how  you  can  extend  your  existing 
network  infrastructure  integrating  voice,  video,  data  and  storage  over  a  high  capacity, 
highly  available  next  generation  multi-service  optical  network.  The  end  result? 

A  flexible,  scalable  infrastructure  that  will  boost  productivity  and  lower  your  total 
cost  of  ownership.  Don't  wait  another  minute — watch  this  program  today. 


Industry  and  economic  drivers 
behind  optical  networking 


Why  Optical  and  IP  are  a 
perfect  fit 


Business  and  technology 
benefits  of  optical  networking 


Sponsored  by 


Produced  by 


•  Cisco  COMET:  Complete  Optical 
Multiservice  Edge  &  Transport 


View  at:  www.itworld.com/itwebcast/optical 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


Layer  2  VPNs  allow  scalable  meshing 


Layer  2  multiservice  VPNs 


£0 


1: 


Corporate 
i  headquarters 


Kompella  draft  VPNs  offer  the  ability  to  tunnel  frame  relay  or  ATM  traffic 
across  a  service  provider’s  MPLS  core  network. 

A[ 

O  Each  edge  switch  knows  which  destina¬ 
tion  sites  belong  to  the  VPN  and  what 
the  data  link  connection  identifiers  are 
for  each  destination  site.  When  corpor¬ 
ate  headquarters  wants  to  send  frame 
relay  traffic  to  branch  office  B,  edge- 
switch  reads  Layer  2  header  to  identify 
location  of  destination  site. 
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©Edge  switch  sets  up  MPLS 
tunnel  to  destination  site 
and  sends  payload  across 
the  MPLS  network. 

©Multiservice  switch 
accepts  payload  and 
sends  it  to  branch  office. 
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Branch  office  A 


Multiservice  switches 


Branch  office  B 


■  BY  ANDREW  GIBBS 

When  it  comes  to  VPNs,  there  is  no  one- 
size-fits-all  solution.  However,  if  service 
providers  can  provision  multiple  VPN  ap¬ 
plications  from  a  common  network  plat¬ 
form,  the  operational  efficiencies  and  cost 
savings  gained  will  yield  a  wider  variety  of 
affordable  network  service  choices  for 
enterprise  customers. 

There  are  a  number  of  hybrid  Multi-pro¬ 
tocol  Label  Switching  (MPLS)  applica¬ 
tions.  For  example,  one  is  based  on  the 
Internet  Engineering  Task  Force’s 
Kompella  Provider  Provisioned  VPN 
Internet  draft  titled  Layer  2  VPNs  over 
Tunnels. 

Service  providers  can  deploy  this  appli¬ 
cation  as  an  unmanaged  service.  That 
means  it  will  let  enterprise  IT  departments 
retain  control  over  their  internal  IP 
addressing  schemes  while  gaining  a  more 
cost-effective  solution  for  full-mesh  con¬ 
nectivity  among  their  VPN  sites. 

The  technology  for  delivering  this  appli¬ 
cation  is  based  on  an  overlay  network  de¬ 
sign  in  which  customer  premises  devices 
transparently  peer  with  one  another  at 
Layer  3  through  an  MPLS  core  network 
using  a  block  of  frame  relay  or  ATM 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you’ve 
got  one,  and  want  to  contribute  it  to  a 
future  issue,  contact  Features  Editor 
Neal  Weinberg  (nweinberg@nww.com). 


attachment  connections. 

Inside  the  MPLS  cloud,  Border  Gateway 
Protocol  (BGP)  sends  information  about 
each  block  of  Layer  2  permanent  virtual 
circuits  (PVC)  to  all  remote  provider 
switch/routers  at  the  edge  of  the  service 
provider  cloud. 

Frame  relay  or  ATM  PVCs  are  logically 
tunneled  across  the  MPLS  backbone  to 
the  appropriate  provider  edge  device 
serving  the  intended  destination,  resulting 
in  point-to-multipoint  switching.  This  is 
possible  because  MPLS  can  stack  labels 
within  labels  and  the  edge  device  switch¬ 
es  on  only  label  at  a  time.  The  incoming 
Layer  2  protocol  control  header  identifies 
the  location  of  the  destination  site.  The 
Layer  2  look-up  table  at  each  edge  device 
contains  information  about  the  destina¬ 
tion  site  and  the  VPN  label  to  reach  it. 

At  each  participating  provider  edge  de¬ 
vice,  the  Layer  2  protocol  header  is 


stripped, and  its  IP  payload  is  encapsulated 
in  the  VPN  label. 

This  point-to-multipoint  capability  solves 
the  scalability  issue  associated  with  provi¬ 
sioning  conventional  Layer  2  frame  relay 
and  ATM  full-mesh  networks.  In  a  tradi¬ 
tional  Layer  2  network,  a  full  mesh 
requires  N  x  (N-l)/2  PVCs,  where “N”  is  the 
number  of  customer  sites.  For  example,  a 
10-node  network  would  require  45  PVCs, 
while  a  20-node  network  would  require 
190.  Adding  a  site  to  a  Layer  2  multiser¬ 
vice  MPLS  VPN,  on  the  other  hand, 
requires  just  configuring  the  provider 
edge  router  connected  to  the  new  site.  In 
addition  to  frame  relay  and  ATM,  multiser¬ 
vice  VPN  customers  can  use  Ethernet, 
Point-to-Point  Protocol  and  High-Level 
Data  Link  Control  access  connections. 

Security  of  enterprise  VPN  forwarding 
information  is  assured  by  partitioning  traf¬ 
fic  using  a  route-distinguisher  prefix, 


which  uniquely  identifies  each  VPN  cus¬ 
tomer’s  traffic  in  BGP  updates  between 
participating  provider  edge  devices. 
Without  route  distinguishers,  when  traffic 
from  many  VPNs  are  sent  through  one  tun¬ 
nel,  the  wrong  MPLS  label  might  be  used 
and  data  could  be  sent  to  the  wrong  VPN. 

Looks  like  frame  relay 

From  the  customer’s  point  of  view,  a 
Layer  2  multiservice  VPN  appears  just  like 
a  traditional  frame  relay  or  ATM  sub¬ 
scriber  service.  Enterprise  IT  departments 
will  retain  responsibility  for  IP  addressing 
assignments  at  every  site.  Each  site  will 
peer  with  one  another  at  Layer  3,  with  the 
service  provider  having  no  knowledge  of 
the  customer  routing  information. 

However,  the  service  provider  maintains 
and  manages  a  single  MPLS-based  net¬ 
work  for  Layer  2  multiservice  MPLS  VPNs 
and  Layer  3  IP-based  MPLS  VPNs  (speci¬ 
fied  in  IETF  RFC  2547).  Layer  3  MPLS  VPNs 
are  generally  deployed  as  managed  net¬ 
work  services  in  which  the  service 
provider  assumes  control  of  customer  IP 
addressing  assignments. 

Fortunately,  all  MPLS-based  VPN  applica¬ 
tions  can  be  provisioned  from  a  common 
MPLS  backbone  infrastructure.  Doing  so 
lets  service  providers  continue  supporting 
legacy  data  services  and  new  Layer  2  and 
Layer  3  services  in  a  scalable  manner 
without  having  to  run  multiple  networks. 
This  will  result  in  a  larger  choice  of  afford¬ 
able  services  for  enterprise  customers. 

Gibbs  is  senior  product  manager  of 
IP/MPLS  Services  for  WaveSmith  Net¬ 
works.  He  can  be  reached  at  agibbs@ 
wavesmithnetworks.  com. 


Dr.  Internet 


By  Steve  Biass 


I  had  to  uninstall  a  network  card,  and  when  I  unin¬ 
stalled  the  software  for  it  I  made  the  fatal  mistake 
of  answering  “Yes"  to  the  message  about  apparent 
unneeded  shared  file  deletion.  Ever  since  then,  I 
cannot  get  my  company-required  VPN  to  corrrectly 
install  and  run  on  the  system.  It  constantly  comes 
up  with  a  message  that  states  “VPN-1  Secure- 
Remote  -  Internal  Error"  with  no  explanation  or 
error  codes.  How  do  I  get  the  VPN  reinstalled  and 
running  without  completely  wiping  out  the  drive 


and  starting  from  scratch? 

I  did  that  once  too  with  SecureRemote.  Now  I 
write  down  the  name  of  the  file  before  I  delete 
it  so  I  can  get  a  copy  from  another  machine  if  a 
program  needs  it  later.  The  way  back  to  a  work¬ 
ing  version  of  SecureRemote  in  your  case  is  to 
use  the  add/remove  programs  feature  in  con¬ 
trol  panel  to  remove  the  remains  of  your  exist¬ 
ing  SecureRemote  installation.  Also,  remove 


whatever  is  left  of  the  SecureRemote  directory, 
then  search  the  registry  with  regedit  and  re¬ 
move  all  the  Check  Point  Software  and  Secure 
Remote  keys  you  find.  Reboot,  then  install  the 
SecureRemote  client  again  and  you  should  be 
good  to  go. 

Blass  is  a  network  architect  at  Change® 
Work  in  Houston.  He  can  be  reached  at 
dr.internet@changeatwork.com. 
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GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


Welcome  back  to  the  SNMP  show! 
Yes,  we’re  your  host,  Gearhead,  and 
we’d  like  to  start  off  this  week  with 
(roll  on  the  drums  please,  maestro)  SNMP 
message  structure!  Take  it  awaaaayyyy  . . . 

Thank  you  us,  thank  you  very  much.  We’d 
like  to  begin  with  what  SNMP  messages 
look  like.  Messages  in  SNMP  Versions  1 
and  2  consist  of  data  wrapped  in  a  User 
Datagram  Protocol  (UDP)  message.  This 
data  consists  of  a  header  and  a  Protocol 
Data  Unit  (PDU),aka“payload.”The  head¬ 
er  consists  of  two  fields:  Version  Number 
and  Community  Name. 

Version  Number  is  1  or  2,  depending  on 
the  version  of  SNMP  being  used,  and 
Community  Name  is  an  identifying  string 
that  names  the  group  of  managers  for 
which  the  message  is  intended. 

The  PDUs  of  all  types  of  messages 
except  traps  under  Version  1  (Get, 
GetNext,  Response  and  Set)  contain  the 
same  fields: 

•  Request  ID  —  a  value  that  associates 


The  SNMP  show 

requests  with  responses. 

•  Error  status  —  only  used  by  a  response 
to  indicate  an  error  (otherwise  it  is  set  to 

zero). 

•  Error  index  —  only  used  by  a  response 
to  associate  an  error  with  a  particular 
object  instance  (an  object  being  a  man¬ 
aged  entity  under  SNMP). 

•Variable  bindings — These  are  the  data 
fields  of  the  PDU.  Each  variable  binding 
associates  a  particular  object  instance  (a 
managed  item)  with  its  current  value  (this 
doesn’t  apply  to  Get  and  GetNext 
requests). 

SNMP  Version  1  traps  are  structured  a  bit 
differently  and  also  use  eight  PDU  fields: 

•  Enterprise  —  identifies  the  type  of 
managed  object  generating  the  trap. 

•  Agent  address  —  the  address  of  the 
managed  object  generating  the  trap. 

•  Generic  trap  type  —  indicates  a 
generic  trap  type. 

•  Specific  trap  code  —  indicates  spe¬ 
cific  trap  codes. 

•  Time  stamp  —  Provides  the  amount  of 
time  that  has  elapsed  between  the  trap 
being  generated  and  the  last  network 
reinitialization. 

•  Variable  bindings  —  As  in  the  above 
PDU  types. 

Version  2  tidied  this  up  somewhat  by 
using  one  format  for  all  existing  mes¬ 
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sage  types.  With  the  addition  of  one  new 
field  —  PDU  Type  (for  example,  Get, 
GetNext,  Inform,  Response,  Set  or  Trap) 
—  the  PDU  looks  the  same  as  the  format 
of  Version  1  Get,  GetNext,  Response  and 
Set  PDUs. 

But  Version  2  also  introduced  a  new 
request:  GetBulk. The  GetBulk  operation 
was  added  to  make  it  easier  to  access 
large  amounts  of  related  information 
without  initiating  repeated  GetNext 
operations.  GetBulk  was  designed  to  vir¬ 
tually  eliminate  the  need  for  GetNext 
operations. 

The  PDU  for  GetBulk  consists  of  seven 
fields  that  start  with  PDU  type  and 
Request  ID  and  then  gets  exotic: 

•  Nonrepeaters  —  used  when  there  are 
scalar  objects  with  only  one  variable  and 
specifies  the  number  of  object  instances 
that  should  be  retrieved  no  more  than 
once  from  the  beginning  of  the  request.  In 
otherwords.it  assures  nonduplicated  data. 

•  Max  repetitions  —  the  maximum  num¬ 
ber  of  times  that  other  variables  beyond 
those  specified  by  the  nonrepeaters  field 
should  be  retrieved. 

•  And  our  old  friend,  variable  bindings. 

What  is  really  different  in  Version  2  is 

security  The  header  inversion  2  messages 
is  often  called  a  wrapper.  This  wrapper 
includes  authentication  and  privacy  infor¬ 


mation  in  the  form  of  destination  and 
source  “parties.” 

A  party  is  an  SNMP  Version  2  entity  that 
can  initiate  or  receive  Version  2  communi¬ 
cation,  and  each  party  consists  of  a  single, 
unique  party  identity,  a  logical  network 
location,  one  authentication  protocol  and 
one  privacy  protocol.  In  addition  to  desti¬ 
nation  and  source  parties,  the  wrapper 
specifies  a  context  —  the  managed  objects 
visible  to  an  operation. 

SNMP  Version  1  specified  that  the  proto¬ 
col  operates  over  UDP  and  IP  The  Version 
2  specification  is  far  more  complex:  The 
transport  mapping  document  (RFC  1449) 
defines  SNMP  over  other  transport  proto¬ 
cols,  including  OSI  Connectionless  Net¬ 
work  Service  (CLNS),  AppleTalk’s  Data¬ 
gram  Delivery  Protocol  and  Novell’s 
Internet  Packet  Exchange,  and  includes 
instructions  on  how  to  provide  an  SNMP 
Version  1  proxy 

Well  folks,  that’s  all  we  have  time  for!  On 
our  show  next  week  we’ll  feature  the 
Management  Information  Base,  the  data 
structure  to  which  SNMP  requests  relate. 
So  tune  in  next  week,  same  journal,  same 
column. Until  then, this  is  Gearhead  saying 
goodbye. 

Show  your  lineup  to  gearhead@ 
gibbs.com. 


Cool  Tools 

Quick  takes 
on  high  tech  toys 

By  Keith  Shaw 


MicronPC  launches  new  notebook 

MicronPC  is  announcing  today  its 
new  T1000  notebook,  which  adds 
unique  features  to  the  world  of  note¬ 
books,  especially  in  the  security  area. 

Embedded  into  the  T1 000  is  a  biomet¬ 
ric  fingerprint  scanner  that  lets  users  log 
on  by  using  their  fingerprint  instead  of  a 
password.  The  system  embeds  the  finger¬ 
print  scan  into  the  computer’s  BIOS 
(MicronPC  expanded  the  BIOS  from  4M  to  8M 
bytes  to  allow  for  the  storage  of  up  to  16  fingerprint 
scans),  which  Micron  says  is  more  secure  than  Universal 
Serial  Bus  (USB)-enabled  fingerprint-scanning  products. 

In  addition  to  secure  logon,  the  software  can  use  a  fin¬ 
gerprint  scan  to  replace  a  password  in  people’s  favorite 
Web  sites.  Users  also  can  have  important  documents  or 
folders  encrypted  during  logoff.  The  documents  can  be 
decrypted  only  via  the  fingerprint  scan. 

Another  unique  feature  on  the  T1000  lets  users  play 
audio  CDs  and  MP3  CDs  without  having  to  boot  up  their 
computers.  A  part  of  the  display  cover  is  cut  out,  allowing 
for  access  to  the  audio  playback  buttons  on  the  computer 
when  the  cover  is  closed.  Speakers  for  the  audio  also  are 
placed  on  the  outside  of  the  device. 

A  third  feature  that  MicronPC  is  touting  is  the  inclusion  of 
a  bridge  battery  on  the  notebook’s  motherboard  that  gives 
users  3  minutes  of  back-up  power  to  replace  the  primary 


MicronPC  and  HP  show  off  new  PCs 


battery  A  MicronPC  official  says  secondary  batteries  on 
Mobile  Pentium  4  machines  cannot  provide  as  much  bat¬ 
tery  life  as  a  primary  battery  The  secondary  battery  usu¬ 
ally  replaces  an  optical  drive,  so  users  who  want  a  sec¬ 
ondary  battery  to  watch  DVD  movies  on  a  flight,  for 
example,  can’t  because  of  this  limitation.  A  bridge  bat¬ 
tery  would  give  users  a  chance  to  replace  the  primary 
battery  with  another  one  and  still  use  the  optical  drive. 
The  notebook  itself  includes  the  Intel  Pentium 
4-M  processor  with  speeds  of  up  to  2.0 
GHz,256M  bytes  of  DDR  RAM,  a  20G- 
byte  hard  drive,  an  8x  DVD  drive,  ATI 
Mobility  Radeon  7500  graphics  con¬ 
troller  with  32M  bytes  of  memory,  inte¬ 
grated  56K  bit/sec  modem  and  inte¬ 
grated  10/100  Ethernet. 

Integrated  802.11b  wire¬ 
less  (via  mini  PCI  card) 
is  also  an  option  for  users.  The  T1000  will 
start  at  $2,050,  weighs  4.9  pounds  and  is  1.1 
inches  thick. 

MicronPC  is  targeting  the  government, 
education  and  small  to  midsize  business 
markets  with  its  notebooks.  For  more  infor¬ 
mation,  head  to  www.micronpc.com. 


T1000  includes 
a  biometric  finger¬ 
print  scanner. 


HP  releases  new  desktops 

Hewlett-Packard  announced  a  new  com¬ 
mercial  desktop  and  two  new  consumer 
desktop  models  at  the  TechXNY  show  a  few 
weeks  ago.  The  Compaq  Evo  D510  e-pc  is 
the  latest  addition  to  the  Evo  Commercial 
Desktop  line.  The  D510  will  come  with  an 
Intel  Celeron  or  Pentium  4  with  845G 


chipset  and  should  be  available  later  this  summer.  The 
new  model  has  the  same  image  as  other  D500  series 
models  and  has  a  new  toolless  entry  design  for  quick  and 
easy  access  to  internal  parts  for  upgrade  and  repair,  HP 
says. 

On  the  consumer  side,  HP  announced  three  new  models, 
the  Pavilion  792N,  772N  and  522N.The  HP  Pavilion  792N, 
which  includes  an  Intel  Pentium  4  2.4-GHz  processor;  5 12M 
bytes  of  DDR  RAM;  a  120Gbyte  hard  drive;  DVD+RW/+R 
drive;  DVD-ROM  drive;  64M-byte  graphics  card;  and  inte¬ 
grated  1394, 10/100  Ethernet  and  USB  2.0  ports.  The  792N 
starts  at  $1,800  and  will  be  available  this  month. 

The  772N  comes  with  a  Pentium  4  chip  with  2.26-GHz 
processor,  512M  bytes  of  DDR  RAM,  an  80G-byte  hard 
drive  and  32M-byte  graphics  card.  It  starts  at  $1,450,  and 
will  be  available  this  month.  The  522N  comes  with 
an  Intel  Celeron  1.8-GHz  processor,  includes  256M 
bytes  of  DDR  RAM  and  a  60Gbyte  hard  drive.  It 
costs  $800  and  is  available  now.  Head  to 
www.hp.com  for  more  information  on  the  new 
I  models. 


Shaw  can  be  reached  at  kshaw@nww.com. 


HP's  Evo  D510  e-pc  has  a  toolless  entry  design. 
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Manage  It 

D 

SANavigator ™ 
Does  Both 


Today’s  complex  storage  networks  are  not  easy 
to  manage.  Even  on  a  good  day,  maintaining  and 
troubleshooting  SANs  comprised  of  multiple 
technologies,  vendors  and  devices  can  be  a 
navigational  nightmare.  Especially  if  you  can’t 
see  what  you’re  doing. 

SANavigator  makes  SAN  management  easy.  The 
powerful  discovery  tool  automatically  identifies 
all  SAN  components,  regardless  of  vendor  or 
protocol,  and  presents  you  with  a  clear,  detailed 
map.  From  a  single  console,  SANavigator  discov¬ 
ers,  plans,  configures  and  monitors  your  entire 
storage  network. 

What’s  more,  SANavigator  leverages  your  existing 
resources  to  reduce  hardware  and  personnel 
costs.  Real-time  performance  monitoring  tools 
boost  your  SAN’s  efficiency,  and  advanced 
planning  tools  reduce  the  risk  of  investing  in 

new  technologies. 


Take  a  good  look 
at  your  storage 
network. 

Then  chart  your 
course  with 
SANavigator. 


says 


Intuitive  visual  maps  facilitate 
SAN  planning  and  management. 


A 

V 

’  /  "j 

r* 

HjjT: 

mm 

;  i 

Visit  us  at 

sanavigator.com/seeit/net5 
for  a  FREE  SANavigator  demo  CD. 


s  a  trademark  of  SANavigator.  Inc  SANavigator.  Inc.  is  a  wholly  owned  subsidiary  of  McDATA  Corporation 
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SYBASE  e-BUSINESS  SOFTWARE.  EVERYTHING  WORKS 


IS  ONCE  AGAIN  A 


The  USA  PATRIOT  Act  now 
presents  everyone  with 
an  enormous  information 
integration  challenge.  The 
experts  agree  that  manual 
review  processes  for  your 
customers  and  their  financial 
transactions  will  no  longer 
suffice.  Non-compliance  is 
not  an  option.  The  only  question 
facing  you  is:  who  should  you  engage  as 
your  partner  in  implementing  a  solution? 

THE  SYBASE  APPROACH 

Our  approach  leverages  the  knowledge  and 
capabilities  we've  developed  over  nearly  20 
years  of  managing  information,  application 
and  process  integration. 

The  Sybase  PATRIOTcompliance  Solution 
helps  you  satisfy  the  integration  requirements 
of  the  USA  PATRIOT  Act  by  implementing  a 
totally  automated  process  for  filtering  your 
customers,  employees  and  suppliers  against 
known  suspects,  and  for  continuously 
monitoring  their  activities.  Our  solution 
is  operationally  unobtrusive,  secure  and 
cost-effective. 

THE  FIRST  STEP 

Our  first  step  is  a  Business  Requirements 
Assessment  that  helps  determine  your 
organization's  unique  needs. 

We  work  with  you  to  understand  your  front 
and  back  office  infrastructure.  We  embrace 
the  technologies  and  product  standardization 
of  your  environment.  We  extend  the  Anti- 

|PP” - - - \ 

The  Software 
Integration  Company 

We  can  help  you  integrate  all  the 
disparate  data  and  business  applications 
running  in  your  enterprise  and  extend 
them  to  any  location  in  the  world: 
platforms,  application  servers, 
components,  databases,  applications, 
processes,  integration  brokers,  even 
mobile/wireless  solutions.  By  choosing 
Sybase,  you  can  preserve  and  extend 
your  existing  infrastructure  investments, 
avoid  proprietary  traps,  and  improve 
efficiency  across  the  enterprise. 

V _ _ _ J 


Money  Laundering  and  Bank  Secrecy  Act 
investments  you've  already  made.  We 
make  our  solution  work  for  your  people. 

Having  tuned  our  PATRIOTcompliance 
Solution  to  your  environment,  we  implement, 
rigorously  test  (to  the  very  exacting  standards 
we  developed  to  earn  ISO  9001  /TickIT 
Certification)  and  deploy  the  solution. 


Simultaneously,  we  are  training  your  key 
users  and  administrators.  So  when  our  work 
is  done,  yours  can  go  on. 

IN  THE  END  IT  LOOKS  LIKE  THIS 

Every  solution  will  obviously  be  unique. 

But  typically,  you'll  find  a  secure  front-end 
employing  the  Sybase  Enterprise  Portal,  with 
pre-built  capabilities  for  list,  filter  and  rules 
management,  searches  across  applications 
and  data  stores,  internal  and  external 
communications,  management  of  the 
investigation  process,  maintenance  of 
search  and  investigation  histories  and, 
of  course,  reporting  and  presentations. 

Tying  everything  together  is  the  Sybase 
Business  Process  Integrator  (BPI)  Suite 


and  an  array  of  adapters  (F.I.X.,  SWIFT,  Flat 
Files,  database,  CICS,  and  others)  for  accessing 
and  presenting  demographic  and  transaction 
information  from  your  core  systems. 

BPI  Suite  is  a  comprehensive  set  of  tools  to 
enable  you  to  rapidly  build,  manage,  monitor 
and  improve  complex  business  processes.  It 
also  speeds  the  development  of  Web  services, 


so  you  can  quickly  connect  applications  to 
other  agencies  or  other  financial  institutions. 

Get  a  complete  solution  that  doesn't  require 
you  to  start  from  scratch.  We  have  the 
tools  and  skills  to  have  you  in  compliance 
before  October.  And  who  could  have  an 
issue  with  that? 

We  can  help  you  get  started  right  away  at 
www.sybase.com/integrationsolutions. 


1  Sybase 

Information  Anywhere' 


(  THE  STRAIGHT  GOODS  ON  SOFTWARE  INTEGRATIO  nTj 


Direct  Post 


Switches 


Teller 

Platform 


Currency 


Clearings 


LENDING  AND  CREDIT 


CORE  APPLICATIONS/SERVICES  a  ASSOCIATED  INFORMATION  REPOSITORIES 

'  including  correspondent,  clearing  and  settlement 
“  including  specific  account  holder  information 

This  is  a  typical  architecture  for  a  depository  financial  institution.  It  can  be  easily  modified  to  fit  your  environment 
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•  Direct 


TRANSACTIONAL  LAYER 


SYBASE  PATRIOTcompliance  SOLUTION 


SYBASE 


Business  Process 
Management/ 
Activity  Monitoring/ 
Integration  Tools 


Enterprise  Portal/ 
Application  Server 


SOLUTION  COMPONENTS 


The  USA  PATRIOT  Act  contains  strong  measures  to  prevent,  detect  and  prosecute  terrorism  and  international  money  laundering,  greatly  expanding  the  breadth 
and  depth  of  the  old  laws.  Broadly  stated,  the  act  requires  that  financial  institutions  know  their  customers  and,  to  the  greatest  extent  possible,  their  customers' 
customers.  Compliance  for  bankers  and  securities  dealers  is  required  by  October  2002.  Non-compliance  could  involve  costly  civil  and  criminal  penalties. 


©2002  Sybase,  Inc.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners. 
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EDITORIAL 

John  Dix 

Survey  says 

government  is 
vulnerable 

While  the  Internet  plays  a  prominent  role  in  the  fed¬ 
eral  government’s  plans  to  streamline  operations 
(see  in  our  stories  beginning  on  page  36), current 
e-governrrient  programs  are  not  adequately  secured. 

So  said  32%  of  395  IT  pros  questioned  about  the  govern¬ 
ment’s  cyber  security  practices.  Of  the  people  queried  in 
the  study  commissioned  by  the  Business  Software  Alliance 
(BSA),only  23% 
said  the  govern¬ 
ment  has  taken 
adequate  security 
precautions. 

Whats  more, 
nearly  half  the  re¬ 
spondents  believe 
“it  is  likely  the  U.S. 
government  will 
be  subject  to  a 
major  cyber  at¬ 
tack  in  the  next 
1 2  months.”  The 
BSA  says  a  major 
cyber  attack 
against  the  federal 

government  would  have  a  ripple  effect  on  the  private  sec¬ 
tor,  particularly  industries  such  as  transportation  and  com¬ 
munications,  along  with  on  state  and  local  governments. 
Here  are  some  other  findings: 

•  55%  of  the  respondents  said  the  likelihood  of  a  major 
cyber  attack  in  the  U.S.  has  increased  or  strongly  increased 
since  Sept.  1 1  (see  graphic). 

•  72%  said  “there  is  a  gap  between  the  threat  of  a  major 
cyber  attack  . .  .and  the  government’s  ability  to  defend 
against  an  attack." 

•  Of  the  72%,  29%  said  the  gap  has  increased  a  little 
since  Sept.  1 1,  while  7%  said  the  gap  has  increased  a  lot. 

•  47%  said  the  government  is  devoting  more  time  and 
resources  to  defending  against  cyber  attacks  than  it  did  to 
address  Y2K  issues,  but . . . 

•  .  .86%  said  the  government  should  devote  more  time 
and  resources  than  it  did  to  address  Y2K. 

The  BSAs  recommendations:  encrypt  Web  content;  craft 
legislation  to  force  companies/agencies  to  disclose  cyber 
security  attacks;  and  increase  government  funding  for 
cyber  security. 

At  the  very  least,  make  security  a  basic  priority.  Believe  it 
or  not,  the  government  has  all  but  overlooked  security 
with  some  of  its  Internet-based  initiatives. Want  proof?  See 
the  story  on  the  Department  of  the  Interior  on  page  51. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


Cyber  threat 


The  risk  of  a  major  cyber  attack 
in  the  U.S.  since  Sept.  11  has  . . . 

Strongly  decreased  1%^  , - Not  sure1% 

Somewhat 
decreased 
6% 


Based  on  a  survey  of  395  IT  pros. 

SOURCE.  IPSOS  PUBLIC  AFFAIRS 


Test  wishes 

Regarding  “Searching  for  the  QoS  Holy  Grail” 
(www.nwfusion.com, DocFinder:  1122):The  abilities 
of  the  equipment  under  test  were  not  quantified  by 
using  a  quality-of-service  test  device.  Also,  I  would 
have  liked  to  see  a  description  of  the  denial-of-ser- 
vice  attack  and  more  about  the  actual  test  environ¬ 
ment  design  to  make  a  meaningful  judgment. 

You  presumably  selected  equipment  to  test  based 
on  availability  and  higher-layer  capabilities.  It  would 
be  helpful  to  discuss  in  an  article  the  usefulness  of 
the  higher-layer  capabilities  in  a  real-life  network. 

1  would  have  liked  more  discussion  on  the  difficult 
issues  of  tackling  connection  admission  control  or 
mechanisms  to  ameliorate  the  lack  of  it,  apart  from 
packet  classification  and  priority  Even  on  the  sub¬ 
ject  of  priority  there  was  no  mention  of  strict  queu¬ 
ing  capabilities,  which  are  mandatory  for  any  seri¬ 
ous  attempt  to  match  public  switched  telephone 
network  voice  standards  with  User  Datagram 
Protocol  (UDP)  packets. 

Your  test  used  small  packets,  which  is  recom¬ 
mended  for  networks  with  delay-sensitive  traffic,  but 
1  got  the  impression  you  only  did  this  to  get  the 
throughput  up.  Again, some  commentary  on  the  bal¬ 
ance  between  packet  size  and  WAN  link  bandwidth 
and  processor  packet-handling  capabilities  would 
have  been  nice. 

Paul  Norris 
Principal  consultant 
Analyst,  Ltd. 

Windsor,  Berkshire,  U.K. 

AT&T  and  hosting 

I  read  the  Q&A  with  Pat  Traynor  of  AT&T  with  some 
skepticism  (“AT&T  looks  to  rev  up  Web  hosting,” 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix.  editor  in 
chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification 


ww.nwfusion.com,  DocFinder:  1123):  Her  comment 
that  “The  reason  that  business  needs  are  changing 
is  because  of  the  mission  criticality  of  the  business 
applications  and  the  nature  of  enterprise  business¬ 
es”  does  not  align  with  the  service-level  agreements 
AT&T  offers  at  its  collocation  facilities.  While  the 
nondisclosure  agreement  I  signed  does  not  allow 
me  to  discuss  specifics,  I  was  unhappy  with  many 
provisions  in  the  agreement  AT&T  offered  me.  My 
salesperson  flatly  told  me  that  unless  1  could  pur¬ 
chase  $25,000  per  month  of  services  from  AT&T,  I 
would  have  no  leverage  to  get  any  of  the  provisions 
modified.  What  their  stock  contract  provides  has  so 
many  loopholes  that  most  outages  would  not  be 
covered. This  is  not  mission-critical  service. 

Matthew  Leeds 
Vice  president  of  operations 
Gracenote 

Berkeley,  Calif. 

Power  play 

Regarding  your  Management  Strategies  article  “The 
power  of  users”  (www.nwfusion.com,  DocFinder: 
1124):  The  concept  of  using  “power  users”  to  assist 
their  less-proficient  peers  flies  in  the  face  of  “best 
practice”  and  common  sense.  In  addition  to  the 
impact  on  productivity  and  associated  costs, you  are 
unable  to  capture  the  effort  expended. 

You  already  have  one  paid  resource  not  being  pro¬ 
ductive  because  of  a  question  or  problem.Then  you 
pull  the  power  user  off  his  real  job  to  “help"  in  an 
area  that  is  not  his  core  competency. 

If  one  of  my  managers  came  to  me  with  a  hare¬ 
brained  scheme  like  this,  I  would  be  suspicious  of 
his  experience  and  competency. 

Bob  Hoffman 

Implementation  manager,  help  desk/deskside 

support 

Alternative  Resources  Corp. 

Barrington,  Ill. 


www.nwfusion.com 
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STRATEGY  SESSION 

Jeff  Kaplan 

This  has  been  a  year  of  escalating  scan¬ 
dals  and  never-ending  revelations 
regarding  the  shady  bookkeeping  of 
major  corporations  and  conflicts  of  interest 
among  accounting  firms  and  equity  analysts. 
Many  of  these  allegations  have  been  directed 
at  companies  within  the  IT  and  telecommu¬ 
nications  industries  in  particular,  raising  suspicions  about  the  broader 
business  practices  of  every  vendor  or  service  provider  in  our  industry 
These  concerns  have  heightened  customer  reticence  to  buy  new 
equipment  or  subscribe  to  new  services.  As  a  result,  a  renewed  effort  to 
regain  customer  confidence  is  necessary 
In  the  IT  and  telecommunications  industries,  the  trust  issue  doesn’t 
start  or  end  with  corporate  mismanagement  or  abuse.There  also  is  an 
undercurrent  of  cynicism  and  distrust  aimed  at  industry  analyst/ 
research  firms  and  venture  capitalists.  Their  inflated  market  forecasts 
and  aggressive  funding  strategies  encouraged  vendors  and  service 
providers  to  spend  billions  of  dollars  over  the  past  few  years  hyping 
half-baked  products  and  services  in  new  market  segments  that  never 
materialized. Their  bold  pronouncements  of  revolutionary  changes  in 
computing  and  communications  also  encouraged  many  customers  to 
acquire  bleeding-edge  technologies  and  poorly  provisioned  services 
that  failed  to  meet  their  real  business  needs. 

Who  can  network  decision-makers  trust  in  this  climate  of  corporate 
deceit,  when  even  trusted  advisers  appear  to  have  ulterior  motives?  The 


Whom  can  you  trust? 


best  answer  is:  one  another. 

At  a  time  when  getting  back  to  basics  has  become  the  unwritten 
rule,  relying  more  heavily  on  your  peers  is  the  best  path  to  success. 
This  might  take  the  form  of  pushing  your  suppliers  for  solid  refer¬ 
ence  accounts  to  validate  specific  purchasing  decisions  or  partici¬ 
pating  in  ongoing  professional  associations.  Becoming  reacquaint¬ 
ed  with  your  cohorts  lets  you  make  better  acquisition  and  man¬ 
agement  decisions,  rather  than  respond  blindly  to  the  latest  trend 
or  forecast. 

You  can  still  justify  an  occasional  annual  trade  show,  if  you  truly 
intend  to  collect  valuable  insight  from  other  decision-makers  rather 
than  T-shirts  and  trinkets.  There  also  is  still  a  place  for  vendor-spon¬ 
sored  seminars  or  analyst  conferences,  if  you  are  equally  committed 
to  trading  real-world  experiences  with  your  colleagues  rather  than 
schmoozing  with  your  salesperson. 

Vendors,  research  firms,  conference  organizers  and  venture  capital¬ 
ists  can  encourage  this  type  of  healthy  interaction  by  redesigning 
their  events  and  marketing  strategies.We’ve  entered  a  time  when 
demonstrating  how  technology  can  solve  business  problems  is  all 
that  matters.  Designing  forums  that  can  help  network  managers  bet¬ 
ter  understand  these  problems  and  learn  how  to  solve  them  will  not 
only  make  them  better  decision-makers  but  more  loyal  customers. 

Kaplan  is  managing  director  of  THINKstrategies ,  a  consultancy  in 
Wellesley,  Mass.  He  can  be  reached  at  jkaplan@thinkstrategies.com. 


YANKEE  INGENUITY 

Tim  Kraskey 


The  1990s  were  the  go-go  boom  years  in 
high  tech;  the  current  decade  will  be  a 
time  of  real  soul  searching.  Here  are  10 
predictions  for  the  decade  —  some  bold, 
some  that  should  seem  obvious  but  are  not. 

•  The  death  of  the  operating  system. 
Operating  systems  won’t  go  away,  but  their 
prices  will  decrease  dramatically.  Microsoft’s  defense  strategy  against 
the  Linux  threat  will  be  to  raise  the  price  of  Office  Suite  to  offset  its 
operating  system  revenue  losses.  By  the  end  of  the  decade,  the  price 
for  Office  Suite  could  reach  $700  per  desktop. 

•  The  resurgence  of  the  telecom  oligopoly  The  local  exchange  carri¬ 
ers  (LEC)  will  become  onestop  shops  with  new  services,  but  lousy  ser¬ 
vice.  What  we  need  to  do  is  separate  wholesale  of  the  last-mile  facilities 
from  the  services  offered  over  these  facilities. This  will  take  at  least  10 
years. 

•  Pervasive  wireless.  Wireless  technology  will  be  supported  just  about 
everywhere.  If  you’re  using  a  PDA,  mobile  phone,  PC  or  other  device, 
you  will  have  access  to  useful  information  and  the  quality  of  service 
will  actually  be  good.  New  applications  will  be  developed  serving  real 
needs  instead  of  just  advertising  and  the  latest  Victoria’s  Secret  fashion 
show. 

•  The  birth  of  the  integrated  bill. Verizon, SBC  or  BellSouth  will  begin 
consolidating  your  long-distance, local  calling, cellular  and  Internet  ser¬ 
vice  into  one  bill.  Then  they’ll  form  relationships  with  suppliers  of 
goods  like  Amazon  to  have  your  charges  billed  to  your  phone  bill. 

•  Security  is  everywhere.  Big  Brother  is  fully  watching  you  now.  Get 
over  it.The  upside  is, you  will  be  able  to  make  secure  transactions  while 
protecting  your  confidential  information  more  easily. 

•  IP  packets  finally  take  over  circuits.  When  will  IP  packets  replace 
voice  circuits  for  voice  traffic?  Internet  bit-heads  say  it  already  has  hap¬ 
pened:  Bell-heads  say  never.  It  is  somewhere  between.  I  predict  we  will 
see  significant  progress  by  2010.  It  will  be  a  25-year  process  to  replace 
most  Class  5  central  offices  with  voice-over-packet  technologies.  In  the 
second  half  of  this  decade,  service  providers  will  begin  offering  newly 


Ten  predictions  for  the 


integrated  services,  particularly  in  the  call  center  area.  Web-based  call 
centers  with  click-to-talk  features  will  be  used  for  customer  support. 

•  The  emergence  of  fiber  to  the  home.  A  LEC  recently  told  me  very- 
high-bit-rate  DSL  will  never  reach  the  neighborhoods.  So  how  do  they 
get  the  bandwidth  to  the  home  to  offer  the  total  integrated  services  to 
support  data,  voice  and  video?  First,  they  partner  with  vendors  that  can 
get  them  there  todaysuch  as  Echo  Star.  Next,  they  start  planning  to  wire 
every  home  in  the  next  25  years  with  fiber. This  will  give  them  the  band¬ 
width  to  offer  many  services  they  can’t  offer  today. 

•  Computers  that  require  no  rebooting.  The  new  operating  systems 
will  have  built-in  diagnostics  and  fix  themselves.  We  will  have  self-heal¬ 
ing  networks,  and  Cisco  will  figure  out  how  to  spell  carrier  class,  which 
means  no  downtime  even  for  upgrades.  Mission-critical  applications 
can’t  be  deployed  if  the  systems  they  are  being  built  on  are  not  stable. 
Both  Microsoft  and  Cisco  have  an  obligation  to  take  this  stuff  seriously 
and  fix  the  problems. 

•  Intelligent  voice  recognition  everywhere.  Voice  recognition  tech¬ 
nology  is  just  starting  to  find  its  way  into  the  mobile  phone  networks, 
and  soon  cars  will  have  support  for  voice-activated  directions  on  their 
Global  Positioning  Systems. Voice  recognition  will  be  augmented  with 
data-mining  applications  to  help  sift  out  information  for  call  centers. 
Dell, Gateway  and  Hewlett-Packard  will  be  early  to  the  game  with  these 
sorts  of  products. 

•  AOLTime  Warner  becomes  the  fourth-largest  phone  company  AOL 
Time  Warner  will  emerge  as  the  only  threat  to  the  LECs.  AOL  Time 
Warner’s  next  move  will  be  to  buy  AT&T,  WorldCom  or  Sprint  to  help  it 
become  a  truly  legitimate  carrier. This  will  give  AOLTime  Warner  local 
connectivity  and  a  national  footprint  for  offering  additional  services. 

Now  we  are  in  a  lull,  but  soon  growth  will  transform  the  Internet  era 
of  the  1990s  into  the  “database  talking  directly  to  database”  era  of  2010 
and  beyond.  Place  your  bets,  and  let’s  see  what  the  future  holds. 

Kraskey  is  managing  director  at  YankeeTek  Ventures,  a  Cambridge, 
Mass.,  venture  capital  fund  for  early-stage  technology  companies.  He 
can  be  reached  at  tim@yankeetek.com. 


At  a  time  when 
getting  back  to 
basics  has 
become  the 
unwritten  rule, 
relying  more 
heavily  on  your 
peers  is  the  best 
path  to  success. 
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INTERNET  DISRUPTION 

'Net  access  denied 

A  look  at  how  a  Web  shutdown  crippled 
the  Department  of  the  Interior. 


Ambitious  program  comprises  two  doze 

effort  focused  on  establishing  online  trust  rel 
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E- AUTHENTIC  AT  TON 

Getting  plugged  in  to 
E-Government 


Ambitious  program  comprises 
two  dozen  projects,  including  ' 
e-Authentication  effort  focused  on 
establishing  online  trust  relationships^^ 
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0)  Telecom  titan 

The  world’s  biggest  telecom  program 
gets  an  overhaul,  with  a  focus  on  wire-  i  j 
less  and  security.  I  / 
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NATIONAL  SECURITY  SYSTEMS 

System  security  finds  common 
ground 

Throw  away  that  old  orange  book.The  j 
NSA’s  new  Common  Criteria  for  evalu¬ 
ating  computer  system  security  has 
arrived  and  this  time  it  might  just  work. 


WIRELESS  COMMUNICATION 

Homeland  defense  looks 
to  go  wireless 

Federal  Emergency  Management  Agency 
will  get  $3.5  billion  to  help  state  and  local 
emergency  responders  solve  wireless 
interoperability  woes. 


INTERVIEW 

DISA  targets  net  flexibility 

The  principal  director  of  the  Defense 
Information  Systems  Network  —  the 
Department  of  Defense’s  backbone  — 
talks  about  tying  management  to  security. 


pply  for  Social  Security  benefits,  reserve 
campground  space  at  a  national  park  or 
comment  on  pending  legislation  —  all 
from  the  comfort  of  your  Internet-con¬ 
nected  home  computer. 


That’s  the  scenario  envisioned  by  the  U.S.  government 
under  its  broadly  termed  “E-Government”  plan  to  simpl¬ 
ify  delivery  of  its  services  to  citizens,  businesses  and 
municipalities. 


The  strategy  is  one  of  five  that  President  Bush  has  adopted  as  part  of  his  manage¬ 
ment  reform  agenda,  which  is  aimed  at  making  government  more  about  citizens  than 
bureaucracies. 

“Just  like  companies  were  product-centered,  governments  tend  to  be  agency-centered,” says 
Mark  Forman,  associate  director  for  IT  and  E-Government  at  the  U.S.  Office  of  Management 
and  Budget  (OMB). “The  president  wants  the  government  to  look  across  the  agencies  and 
focus  on  the  citizens.” 

Forman  is  a  man  who  could  help  make  that  happen.  He  oversees  federal  IT  spending  — 
which  will  exceed  $48  billion  this  year  and  $52  billion  in  2003  —  and  he  is  leading  the  fed¬ 
eral  governments  digital  remodeling. 

Last  fall,  a  Forman-led  task  force  of  81  members  from  46  agencies  identified  24  “high- 
payoff”  projects  to  focus  on  during  the  next  18  to  24  months.These  projects  will  consoli¬ 
date  several  hundred  overlapping  IT  projects  in  the  federal  government,  Forman  says.Their 
expected  payoff  will  be  in  the  form  of  improved  operating  efficiencies,  more  targeted 
spending  and  less  paperwork,  totaling  possibly  several  billion  dollars  in  savings,  the  task 
force  concluded. 

For  the  most  part,  the  projects  fall  into  four  categories,  organized  around  interactions 
with  citizens,  businesses,  states  and  localities,  and  internal  users  (see  graphic  at  www.nw 
fusion.com,  DocFinder:  1126).  For  example,  Online  Access  for  Loans  will  help  citizens 
and  businesses  find  the  right  loan  option  for  their  needs;  Federal  Asset  Sales  will  consol¬ 
idate  150  disparate  sites  dedicated  to  selling  federal  assets;  and  e-Training  will  provide 
a  centralized  repository  of  government  courseware. 

Forman  says  the  current  administrations  E-Government  projects  are  not  cos¬ 
metic,  not  simply  putting  up  Web  content  —  which  he  calls  “Web  enablement.”The 
federal  government  already  has  plenty  of  Web  content,  with  more  than  33  million 
Web  pages  and  22,000  Web  sites,  he  says. “We  do  not  do  Web  enablement.  Web 
enablement  locks  in  poor  customer  service  for  us,”  Forman  says,  referring  to  Web 
sites  that  merely  put  a  new  face  on  old  processes. 

Rather,  the  projects  are  about  backstage  fixes  —  for  example,  integrating  multi¬ 
ple  agencies’ systems  to  streamline  the  process  of  applying  for  an  economic 
development  grant,  which  today  could  require  a  community  to  file  more  than 
1,000  forms  with  250  federal  bureaus.“Pretty  soon  you’ll  see  a  lot  better  service, 
but  it’s  not  because  there’s  a  prettier  Web  site.  It’s  because  we’ve  fixed  the  redun¬ 
dancy  he  says. 

In  its  strategizing,  the  task  force  identified  potential  obstacles  that  could  derail 
the  E-Government  effort.  Recurring  barriers  included  agency  culture, stakeholder 
resistance,  resources  and  trust. 

Overcoming  close-minded  agency  cultures  and  stakeholder  resistance  are  manage 
ment  issues  —  mitigation  requires  strong  leadership,  communication  and  engaging  resis- 
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Citizens  online. 

Sixty-eight  million 
American  adults  have 
used  government 
agency 
Web 

sites,  up 
from  40 
million  in 
March,  2000. 
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tant  parties,  the  task  force  determined.  Forman  says  collaboration  among  agencies  is 
sometimes  very  easy.'The  people  have  wanted  to  collaborate,  they  just  were  looking  for 
leadership.  Now  the  White  House,  via  my  officers  providing  that,”  he  says. 

The  resources  issue  might  be  mitigated  by  moving  resources  to  programs  with  the 
greatest  potential,  the  task  force  says. 

The  trust  issue,  it  turns  out,  requires  an  initiative  of  its  own:  e-Authentication. 

Security  plus  privacy 

E-Authentication  is  one  of  24  official  E-Government  initiatives,  though  it  differs  be¬ 
cause  it’s  an  infrastructure  project  that  is  intended  to  be  used  by  the  other  task-ori-  • 
ented  initiatives. 

A  linchpin  of  E-Government,  the  authentication  project  will  set  a  standard  for  deter¬ 
mining  identity, says  Jeanette  Thornton,  portfolio  manager  for 

e-Authentication  at  OMB.  Among  the  22  other  projects,  there  is  a  need  for  such  features 
as  access  control  and  digital  signature  support  to  ensure  secure  communications  and 
transactions.  Rather  than  address  authentication  separately  for  each  initia¬ 
tive,  the  e-Authentication  project  provides  a  shared  service  that  lays  out  a 
method  for  proving  identity  to  the  federal  government,  says  Thornton,  who 
acts  as  a  liaison  between  OMB  and  the  e-Authentication  project  team. 

Granularity  is  a  key  part  of  e-Authentication.  Different  applications  re 
quire  different  levels  of  security  which  need  to  be  defined  through  busi¬ 
ness  policies.  Potentially,  a  user  will  present  a  credential  —  a  password, 
certificate,  smart  card  or  token  —  to  access  to  the  appropriate  apps. 

“There  are  lots  of  transactions  buried  in  22,000  Web  sites,  lots  of 
opportunities  for  authentication,”  Forman  says.“To  allow  a  citizen  to  do 
a  simple  transaction  that  cuts  across  agencies,  the  authentication  infra¬ 
structure  has  to  be  built.” 

Some  of  the  funding  to  do  that  is  in  the  bag.  In  April,  OMB  allotted  $2 
million  to  get  the  e-Authentication  project  started. Today,  the  project  is  in 
the  definition-and-requirements  stage.  Steve  Timchak,  program  manager 
for  the  e-Authentication  initiative,  leads  the  project  team. Timchak  is 
with  the  General  Services  Administration  (GSA),  which  is  the  agency 
charged  with  managing  e-Authentication.  ||  i 

He  says  the  project  team  has  three  primary  tasks:  determine  the 
authentication  requirements  for  each  of  the  E-Government  initiatives; 
build  an  authentication  gateway  to  map  authentication  levels  to  the  dif¬ 
ferent  applications;  and  provide  common  solutions  for  varying  authenti¬ 
cation  needs. 

Basically,  it’s  about  providing  a  level  of  trust  appropriate  to  the  appli¬ 
cation, Timchak  says.  Some  transactions  require  strong  authentication, 
others  won’t.  Making  a  payment  to  the  Internal  Revenue  Service  might 
require  a  public-key  infrastructure  (PKI)-type  credential,  whereas  for 
browsing  business  loan  options,  an  ISP-provided  personal  identification 
number  and  password  might  be  sufficient. 

The  key  is  not  to  grossly  over-  or  under-secure  any  transaction.“We 
certainly  don’t  think  that  we’re  going  to  issue  digital  credentials  to  285 
million  Americans  by  any  means, ’’Timchak  says. 

To  determine  the  level  of  security  required,  the  GSA-led  project  team 
is  using  a  modified  version  of  the  Operationally  Critical  Threat,  Asset 
and  Vulnerability  Evaluation  tool  developed  by  the  CERT  Coordination 
Center  at  Carnegie  Mellon  University. 

On  the  security  technology  front,  the  government  is  getting  help  from 
Mitretek  Systems,  a  nonprofit  organization  that  held  a  “technical  exchange 
day”  in  June  to  brief  security  vendors  on  the  government’s  authentication 
plans  —  at  least  at  a  conceptual  level.The  next  step  is  to  issue  a  request 
for  information  to  vendors,  followed  by  a  request  for  proposal. 


Based  on  its  interaction  with  industry  vendors,  Mitretek  then 
will  develop,  build  and  deploy  a  prototype  gateway  which  team 
members  expect  to  be  operational  —  and  processing  live  transac¬ 
tions  from  at  least  one  other  E-Government  project  —  in  Septem¬ 
ber.  Full  deployment  of  the  gateway  will  follow  a  year  later,  according  to  estimates. 

“We  have  a  pretty  rigorous  schedule  we  have  to  adhere  to, ’’Timchak  says. 

Fortunately  GSA  and  company  aren’t  starting  from  scratch. The  e-Authentication 
initiative  builds  on  existing  government  efforts  to  secure  Internet  transactions. The 
GSA,  through  its  Access  Certificates  for  Electronic  Services  program  and  the  National 
Finance  Center,  has  established  models  for  acquiring  technology  to  authenticate 
users,  Timchak  says. 

“What  we  would  like  agencies  to  consider  is  taking  a  look  at  those  contract  vehi¬ 
cles  for  PK1  that  are  already  in  place  within  the  government, ’’Timchak  says.“Any  busi¬ 
ness  case  certainly  ought  to  consider  what’s  already  in  place  and  use  it  if  it  makes 
sense  to.”  ■ 


E-AUTHENTICATION 


PKI  particulars 


The  concept  of  a  single  security  gateway  for  authenticating  users  of  e-gov¬ 
ernment  services  might  seem  straightforward,  but  the  reality  of  assembling 
such  a  beast  can  be  pretty  complex.  Here  are  a  few  issues  the  e-Authentic- 
ation  project  teams  might  face: 

★  Component  interoperability.  A  registration  authority  from  one  vendor,  smart 
card  from  another  vendor  and  certificate  authority  from  a  third  company  often 
just  don’t  play  together. “Some  of  the  standards  were  never  completely  agreed  on 
by  the  important  vendors,  other  standards  are  very  complex. There  are  details  that 
can  go  wrong,”  says  Daniel  Blum,  an  analyst  with  Burton  Group  and  a  Network 
World  columnist. 

★  Application  integration.  It’s  a  Catch-22: There  hasn’t  been  great  incentive  to 
adopt  public-key  infrastructure  because  few  applications  have  been  integrated 
with  PKI  —  and  because  PKI  adoption  is  low,  few  developers  have  done  the  work 
required  to  build  complex  PKI  support  into  their  applications. 

★  Policy  interoperability.The  whole  government  hasn’t  agreed  on  a  common  policy 
classification  scheme,  so  it  might  be  that  what  the  Air  Force  considers  sensitive  and 
what  the  Internal  Revenue  Service  considers  sensitive  and  what  General  Services 
Administration  considers  sensitive  are  three  different  things. 

★  Scalability.  Entities  such  as  the  Federal  Bridge  Certificate  Authority  (a  trust  clear¬ 
inghouse  that  handles  interoperability  among  federal  agency  PKI  domains)  have 
been  running  in  pilot  mode  and  therefore  don’t  have  the  infrastructure  to  handle 
millions  or  billions  of  transactions  per  day  —  which  is  what  the  infrastructure  might 
have  to  deal  with  if  the  government  starts  enabling  widespread  PKI. To  set  up  such  a 
huge  infrastructure  will  take  lots  of  time  and  money,  Blum  says.“Realistically  they’ll 
probably  do  something  like  crawl,  walk,  run.  But  right  now  they’re  barely  crawling,” 
he  says. 

★  Product  pool.  Choosing  vendors  with  staying  power  is  key.  Many  of  the  small 
companies  that  provide  PKI  products  have  been  hammered  by  the  poor  economy. 

—  Ann  Bednarz 
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Reinventing  FTS  2001,  the  mega-telecom  contract. 


he  federal  government  is  entering 
a  new  era  for  telecommunications 
services  as  it  embraces  competi¬ 
tive  market  dynamics  and  a  mis¬ 
sion  focused  on  security  and  relia¬ 
bility  This  shift  is  evident  in 
_  changes  to  FTS  200 1 ,  the  govern¬ 
ment’s  primary  vehicle  for  purchasing  voice  and 
data  network  services. 

Long  split  between  WorldCom  and  Sprint,  the  FTS  2001  program  was  recently  opened 
to  Qwest  and  AT&T  (WorldCom’s  share  of  that  split  has  been  thrown  into  question  by 
the  company’s  financial  crisis). The  result  is  increased  competition  for  government 
business  and  speedier  technology  upgrades,  as  carriers  bolster  their  FTS  2001  offer¬ 
ings  to  reflect  their  commercial  product  lines. 

Additionally,  the  Sept.  1 1  attacks  have  had  a  ripple  effect  on  FTS  2001,  which  is  try¬ 
ing  to  reinvent  itself  as  a  means  for  ensuring  continuity  of  agency  operations.  A  slew  of 
managed  network  services,  security  tools  and  alternative  transport  services  are  being 
added  to  FTS  2001  to  accommodate  the  cybersecurity  requirements. 

“Sept.  1 1  was  a  watershed  event  for  FTS  2001, "says  Dennis  Groh,  who  oversees  the 
program  for  the  General  Services  Administration. “It  jump-started  us  into  [offering] 
mobile,  wireless  and  data  security  services  with  a  vengeance.” 

The  contract  supports  18  federal  departments,  including  Agriculture,  Justice  and 
Health  and  Human  Services  (HHS).  It  also  serves  14  independent  agencies,  including 
the  Social  Security  Administration  (SSA).Any  one  of  these  federal  customers  dwarfs 
most  corporations  in  terms  of  number  of  users,  and  amount  of  traffic. 

Annual  expenditures  on  the  eight-year  program  are  holding  steady  at  $600  million, 
even  though  prices  for  individual  services  have  dropped  an  average  of  20%  per  year. 

Unlike  its  predecessor  contract  FTS  2000,  FTS  2001  is  optional.  Federal  network 
executives  can  decide  whether  to  use  FTS  2001  for  voice  and  data  network  services, 


and  they  can  choose  which  carrier  they  want.  Overwhelmingly,  they’ve  chosen 
WorldCom,  which  has  66%  of  the  program’s  revenue  to  Sprint’s  34%,GSA  says. 

FTS  2001  offers  a  full  suite  of  voice  and  data  services,  including  toll-free  services, 
private  lines,  frame  relay,  ATM,  video  teleconferencing  and  Internet  access.  Newer  offer¬ 
ings  include  managed  network  and  security  services,  including  VPNs. 

The  majority  of  the  traffic  on  FTS  2001  is  data,  which  represents  65%  of  the  expendi¬ 
tures  compared  with  35%  for  voice  services.  Data  traffic  is  growing  at  about  30%  per  year. 


More  than  half  of  the  data  traffic  is  frame  relay 
rather  than  newer  IP-based  services.  ATM  is  also 
popular  in  the  federal  market,  often  used  as  the 
backbone  for  frame-relay  traffic.  Among  the  agen¬ 
cies  using  ATM  backbones  to  carry  frame  relay  traf¬ 
fic  are  SSA  and  the  Department  of  the  Interior. 

SSA  used  the  program  to  overhaul  its  network, 
which  links  1,775  sites  and  85,000  users. 

SSAs  old  network  relied  on  56K  bit/sec  dedicated 
circuits  bridged  together  in  a  flat  design. Video  tele¬ 
conferencing  had  to  be  run  on  a  separate  network, 
and  the  old  ones  couldn’t  support  subnetting, 
which  is  required  for  directory  services. 

The  new  network,  provided  by  WorldCom,  has  a 
DS-3  ATM  backbone  that  links  SSAs  National 
Computer  Center  in  Baltimore  with  six  major  nodes. 

The  rest  of  the  locations  have  128K  bit/sec  frame 
relay  circuits. 

“It’s  not  that  our  old  network  was  failing  or  that 
it  wasn’t  high-performance,  but  it  didn’t  have  the 
scalability  and  it  didn’t  have  the  ability  to  integrate 
voice,  video  and  data  like  newer  technologies,” says 
Jim  Preissner,  associate  commissioner  for  telecom¬ 
munications  at  SSA. 

Preissner  says  SSA  spent  about  $30  million  on  the 
upgrade,  but  used  $9  million  in  transition  funds  avail¬ 
able  from  the  GSA.By  going  with  frame  circuits,  SSA 
saved  $50  million  vs.  the  cost  of  doubling  its  band¬ 
width  using  dedicated  circuit  technology 

“We  had  additional  discounts  and  credits  from 
WorldCom  that  reduced  the  cost  by  half,”  Preissner 
says.“That  made  it  very  economical.” 

The  transition  took  18  months  and  was  com¬ 
pleted  in  December.  Next  year,  SSA  plans  to  double 
the  bandwidth  again  to  increase  all  its 
frame  relay  circuits  to  256K  bit/sec. 

“Anything  this  big  has  its  bumps,” 

Preissner  acknowledges.There  were  a  number  of  months  where  we  were 
upgrading  200  sites  per  month.  We  had  some  difficulties  getting  started 
because  we  had  to  get  the  core  infrastructure  in  place  in  the  National 
Computer  Center. . .  .But  it  was  a  very  successful  network  transition  given 
the  size  and  complexity  of  the  network." 

Diana  Gowen,  vice  president  of  government  markets  at  WorldCom, says 
most  agencies  seem  content  with  the  quality  of  service  and  price  they’re 
getting  for  ATM  and  frame  relay.  She  predicts  that  when  agencies  move  off 
high-speed  frame  offerings,  they  will  migrate  to  private  IP  networks. 

“We  do  have  agencies  looking  at  private  IP  networks,  including  U.S. 
Geological  Survey,  NASA  and  HHS,”  Gowen  says.’They  are  not  moving  whole  hog  into 
VPNs  because  ...  of  security  concerns." 

That’s  not  to  say  that  agencies  don’t  have  IP  traffic.  Internet  and  intranet  traffic  are 
growing  dramatically  for  federal  agencies,  but  they  tend  to  keep  their  mission-critical 
data  traffic  on  legacy  technologies. 

“1  perceive  a  wariness  of  IP  because  of  all  the  publicity  around  hackers,  worms. 

See  FTS  2001,  page  40 
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Sept,  11  was  a  watershed  event  for 
FTS  2001.  It  jump-started  us  into 
[offering]  mobile,  wireless  and  data 
security  services  with  a  vengeance.” 

Dennis  Groh,  acting,  assistant  commissioner  in  the  office 
of  service  delivery  at  GSA’s  FederalTechnology  Service 
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$600  million 
per  year. 


FTS  2001  split 
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$600  million 
per  year*. 


*Both  contractors 
guaranteed  a  minimum  of 
$750  million  over  the  eight- 
year  life  of  the  contract. 
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Lighting  a  Path  to  Resilie 


A  Resilient  Enteprise  Built  on  DWDM 

The  Cisco  COMET  portfolio  includes  DWDM  solutions  that  enable  network  consolidation  over  a  single 
multiservice,  optical  infrastructure  that  offers  scalability,  flexibility  and  resiliency. 


Fibre  Channel,  ESCON 
SONET/SDH 
Gigabit  Ethernet 


Cisco  COMET  portfolio  provides 
an  optical  solution  to  demands  for 
network  reliability,  flexibility  and 
disaster  recovery 

BY  NOW  enterpr  ises  have  learned  only 
too  well  that  providing  network  resiliency  is 
a  business  imperative,  not  a  luxury.  But 
questions  remain  in  terms  of  how  best  to 
ensure  that  a  company  can  recover  from  any 
type  of  disaster,  and  that  employees  have 
uninterrupted  access  to  the  services  and 

applications  they  need  to  do  their  jobs. 

The  issue  comes  down  to  two  words:  protection  and 
agility.  Enterprises  need  to  protect  their  networks  from 
any  single  point  of  failure,  while  being  agile  enough  to 
rapidly  recover  from  a  disruption  and  deploy  applica¬ 
tions  wherever  they  are  needed.  While  these  are  hardly 
new  concepts,  they  have  taken  on  new  urgency. 

That  sense  of  urgency  is  leading  some  users  to  discov¬ 
er  new  ways  to  meet  the  demands  for  protection  and 
agility.  A  prime  example  is  optical  network  technology, 
as  embodied  in  the  Cisco  Systems  Complete  Optical 
Multi-service  Edge  and  Transport  (COMET)  portfolio.  Cisco  COMET  is  a 
comprehensive  product  portfolio  designed  to  integrate  voice,  video,  data 
and  storage  applications  over  a  single,  end-to-end  multiservice  optical  net¬ 
work.  Cisco  COMET  enables  enterprises  to  deploy  highly  fault  tolerant  net¬ 
works  that  have  the  bandwidth  and  flexibility  required  to  support  applica¬ 
tions  such  as  data  mirroring  and  backup,  storage-area  networks  (SAN),  net¬ 
work-attached  storage  (NAS)  and  voice  over  IP,  which  can  be  critical  lynch- 
pins  in  a  comprehensive  disaster  recovery  plan. 

“Every  enterprise  must  develop  plans  and  procedures  to  become  a  resilient 
organization,"  writes  David  Neil,  editor  in  chief  of  the  Enterprise  Networking 
segment  of  Gartner,  Inc.’s  recent  Spotlight  series  of  reports  on  building 
resilient  organizations.  “Not  having  such  a  strategy  places  the  enterprise  at 
enormous  risk  and  could  leave  it  in  a  situation  from  which  it  may  never 
recover." 

Building  in  Resiliency 

From  an  IT  perspective,  reducing  the  risk  of  a  business-threatening  event 
starts  with  designing  a  network  that  provides  for  high  availability,  with  no 
single  point  of  failure  and  rapid  recovery  times. 

Guaranteed  access  to  data  is  another  must,  one  that  is  driving  many  enter¬ 
prises  to  build  SANs  and  NAS  facilities.  In  either  case,  a  geographically 
separate  backup  storage  facility,  if  not  an  entire  backup  data  center,  is 
required. 

This  presents  a  challenge  for  many  enterprises  given  the  vast  difference  in 
bandwidth  typically  available  in  a  LAN  environment  vs.  a  MAN  or  WAN. 
Enterprises  can  meet  that  challenge  using  optical  technology,  lighting  up 
dark  fiber  or  individual  wavelengths  to  construct  a  metro  IP  network  that 
provides  the  high  bandwidth  and  network  resiliency  that  applications  like 
storage  require. 

"The  CISCO  COMET  portfolio  is  designed  to  keep  business  operations 
functioning  in  the  event  of  a  failure,  with  the  ability  to  recover  from  a  fiber 
outage  in  less  than  50  ms,"  says  Chris  McGugan,  senior  manager,  technolo¬ 
gy  marketing  for  Cisco.  “We've  spent  time  with  companies  like  IBM  and  EMC 
in  getting  Cisco  optical  solutions  certified  for  deployment  with  their  storage 


systems,  so  that  we  meet  their  latency  and  distance  requirements.” 

Cisco  has  also  worked  to  ensure  that  all  the  benefits  inherent  in  its 
Architecture  for  Voice,  Video  and  Integrated  Data  (AVVID)  extend  to  Cisco 
COMET.  AVVID  is  a  framework  for  leveraging  the  intelligent  network  fea¬ 
tures  inherent  in  the  Cisco  IOS  and  Catalyst  operating  systems  to  provide 
security  features  such  as  authorization,  authentication  and  accounting. 
AVVID  also  addresses  performance  issues,  providing  load  balancing  and 
advanced  quality  of  service  (QoS)  features. The  net  result  is  that  every  appli¬ 
cation  -  be  it  voice,  data  or  video  -  gets  the  network  performance  it  requires. 

Now  a  customer’s  existing  Cisco  enterprise  networking  solutions  can  tie  in 
to  an  optical  infrastructure,  while  maintaining  all  the  security  and  perfor¬ 
mance  monitoring  features  embodied  in  Cisco  AVVID.  So  customers  not 
only  get  massive  amounts  of  bandwidth,  they  get  bandwidth  that  is  applica¬ 
tion-aware. 

Cisco  COMET  delivers  on  the  well-known  fault-detection  and  traffic  re¬ 
routing  capabilities  of  SONET,  but  goes  a  step  further  by  providing  support 
for  the  emerging  Resilient  Packet  Ring  (RPR)  standard,  which  is  based  on 
Dynamic  PacketTransport  technology  developed  by  Cisco.  Both  SONET  and 
RPR  networks  can  route  around  failures  in  less  than  50  ms,  but  RPR  offers 
more  flexibility  and  a  lower  entry  cost,  McGugan  says.  Instead  of  installing 
a  SONET  multiplexer  at  each  location,  enterprises  can  terminate  an  RPR 
connection  directly  into  their  Cisco  COMET  devices  or  other  Cisco  equip¬ 
ment  such  as  the  Catalyst  6500  and  Cisco  7600  Series  router.  RPR  offers 
another  advantage  in  that  it  doesn't  require  users  to  reserve  extra  bandwidth 
to  be  employed  in  case  of  a  failure  of  the  primary  path,  as  does  SONET. 

Cisco  COMET  devices  also  perform  extensive  performance  monitoring, 
such  as  by  checking  bit  error  rates  and  detecting  Cyclical  Redundancy 
Checking  (CRC)  errors  that  indicate  signal  degradation.  That  enables  the 
devices  to  automatically  switch  traffic  to  a  backup  path  when  the  primary  is 
not  performing  properly. 

In  short,  enterprises  are  finding  that  converging  their  voice,  video,  data  and 
storage  networks  over  a  single  high-performance  optical  network  can  not 
only  provide  cost  savings  and  simplified  network  management,  it  can  be  an 
important  part  of  their  business  resilience  strategy. 


Learn  more  about  optical  networking: 

Download  the  white  paper,  "Cisco  COMET:  Optical  Networking  Solutions  for  the  Enterprise, 

from:  www.nwfusion.com/gocc/opticalwp. 
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FTS  2001 

Continued  from  page  38 

viruses  and  Trojan  horses. You  never  hear 
that  about  frame  or  ATM,”  says  Dave 
Pragel,  manager  of  FTS  2001  engineering 
and  revenue  services  at  Sprint. 

One  big  shift  this  year  is  the  addition  of 


two  carriers  under  the  FTS  2001  program. 
Qwest  was  added  to  provide  Web  hosting 
services,  while  AT&T  will  offer  its  full  suite 
of  voice  and  data  services.  Neither  carrier 
has  a  guaranteed  minimum  level  of  rev¬ 
enue  from  the  government,  as  do  World¬ 
Com  and  Sprint,  which  were  each  pro¬ 
mised  $750  million. 


“The  more  partners  we  have  on  FTS 
2001,  the  more  leverage,”  Groh  says. 

The  new  FTS  2001  providers  plan  to 
pursue  opportunities  such  as  managed 
Web  hosting  initiatives  spawned  by  Sept 
1 1.  Sprint  has  signed  up  the  Department  of 
Labor,  the  Bureau  of  Public  Debt  and  the 
Navy  for  its  Web  hosting  services.  Many 


Analysis,  Monitoring,  Security 
Delivered  by  our  Experts. 

AiroPeek  NX  and  EtherPeek  NX' 

Real-Time  Expert  Packet  Analysis 


EtherPeek  NX  -  Network  Magazine's  Product  of  the  Year,  May  2002 
AiroPeek  NX  -  Network  Computing's  Editor's  Choice,  May  2002 
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other  agencies  are  developing  contin¬ 
gency  plans  for  cyber  attacks. 

“Many  federal  data  centers  keep  their 
back-up  tapes  in  the  building. They  have 
no  redundancy  in  their  staff  support." says 
Jim  Payne, senior  vice  president  for  gov¬ 
ernment  markets  at  Qwest.“With  our  Web 
hosting  service  . .  .on  a  moments  notice 
an  agency  can  move  its  data  to  California.” 

The  GSA  is  beefing  up  its  FTS  2001 
offerings  in  several  areas,  including  man¬ 
aged  security,  land  and  mobile  radios  for 
first  responders,  and  satellite  services. 

“What  we’re  doing  is  packaging  these 
services  with  the  [prime  contractors], 
and  allowing  agencies  to  buy  them  by 
the  drink  and  not  by  the  case,”  Groh  says. 

GSA  is  establishing  five  levels  of  secu¬ 
rity  services  that  it  will  offer  on  the  FTS 
2001  contract  later  this  year. 

In  addition,  GSA  is  adding  new  trans¬ 
port  mechanisms  such  as  satellite  com¬ 
munications  so  agencies  can  develop 
diverse  systems  that  are  not  dependent 
solely  on  terrestrial  communications. 

GSAs  plan  for  FTS  2001  was  to  aggre¬ 
gate  traffic  in  a  long-term  contract  to  pro¬ 
vide  agencies  with  lower  prices.  By  all 
accounts,  the  government  has  done  a 
good  job  of  driving  its  rates  below  the 
drops  seen  in  commercial  accounts. 

“We  have  20%  discounts  across  the 
board  on  all  services,”  Groh  says.“Our 
rates  have  been  going  down  an  average 
of  20%  per  year,  every  year” 

Long-distance  voice  rates  dropped 
from  29  cents  per  minute  on  FTS  2000  to 
2  cents  per  minute  on  FTS  2001. 

Carriers  say  they  are  able  to  offer 
these  low  rates  on  FTS  2001  because  of 
the  volume  of  traffic  and  the  government’s 
long-term  commitment. 

“Name  a  commercial  client  that  will 
give  you  an  eight-year  contract,”  says  Don 
Teague,  vice  president  of  civilian  sales  for 
AT&T  Government  Solutions.’Term  is  non¬ 
trivial  when  it  comes  to  pricing.” 

In  addition  to  the  low  rates,  the  GSA  is 
stepping  up  its  efforts  to  improve  the  qual¬ 
ity  of  service  on  FTS  2001. That  business 
mentality  is  trickling  down  to  the  FTS 
2001  program  in  several  ways: 

•  GSA  has  slashed  the  time  it  takes  to 
modify  an  FTS  2001  contract  from  nine 
months  to  40  days. 

•  Provisioning  of  new  services  dropped 
from  90  days  to  30  days. 

•  With  a  new  Web-based  billing  sys¬ 
tem,  customers  can  access  their  bills  in 
45  days  instead  of  60  days. 

“FTS  is  trying  very  hard  to  improve  the 
efficiencies  of  its  processes,”  says  Ray 
Bjorklund,  vice  president  of  consulting  ser¬ 
vices  at  Federal  Sources,  a  research  firm. 
“Although  there’s  always  some  grumbling 
from  the  carriers  about  why  should  it  take 
one  month  to  add  a  new  service  instead 
of  two  days.” 

One  recent  improvement  is  how 
quickly  the  carriers  can  add  new  services. 

“Our  offerings  on  FTS  2001  are  virtually 
identical  to  our  commercial  offerings,” 
Sprint’s  Pragel  says.“We  are  very,  very  dose 
to  introducing  them  at  the  same  time  they 
are  launched  commercially  ■ 


Our  remote-control 
software  supports  more 
platforms  than  any  other 


Ever  wished  you  could  check  up 
on  your  company's  servers  when 
you're  out  of  the  office.  Or  have 
you  ever  wanted  to  take  a  second 
look  at  a  file  on  your  office  PC 
when  sitting  at  the  airport?  Well, 
now  you  can.  NetOp  Remote 
Control  lets  you  access  remote 
computers  from  virtually  any 
operating  system  in  the  world  - 
including  Windows  CE,  Linux, 
ActiveX  and  Windows  XP.  This 
gives  users  unrivaled  flexibility 
and  the  ability  to  access  PCs  via 
Internet  Explorer  or  a  PDA- per¬ 
fect  for  when  you're  away  from 
your  office  computer.  What's  more, 
NetOp  Remote  Control  offers 
unsurpassed  security  and  stability. 
Quite  simply,  there  isn't  a  remote- 
control  package  better  suited  to 
the  needs  of  IT  professionals. 


Download  a 

FREE 

fully-functional 
evaluation  copy  at 
www.NetOpUSA.com 


Centralized  security 

Centralized  authentication 
using  Windows  NT  SAM 
database,  Microsoft  Active 
Directory  or  the  advanced 
NetOp  Security  Server. 


Strong  encryption 

Encrypt  with  AES  256  bit 
keys  and  secure  with  256 
bits  SHAH  MACS.  Key 
exchange  uses  2048  bits 
Diffie-Hellman. 


Extensive  event  logging 

Log  events  to  a  local  file, 
the  NetOp  Security  Server, 
Windows  Event  log  or  to  a 
SNMP  enabled  management 
console. 


Hierarchical  address  book 

Organize  your  remote 
PCs<None>  in  a  scalable, 
multi-level  folder  structure 
for  easy  access  to  any  com¬ 
puter  on  your  network. 


IP  connections  made  easy 

The  optional  NetOp  Name 
Server  registers  NetOp 
names  and  resolves  them 
into  IP  addresses  upon 
request. 


Group  control 

Select  multiple  PCs  and 
initiate  NetOp  commands 
like  remote-control,  file 
manager,  chat,  run  program, 
log-off,  shutdown,  restart 
or  wake-on-LAN. 
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Windows  2000 
Terminal  Server 
Windows  NT  4.0,  3.51 
Windows  ME,  98,  95 
Windows  CE  3.0,  2.11 
ActiveX 
Linux 


Editor's  choice 

PC  Professionell 

Best  in  test 

PC  World 

Best  blend  of  features, 
security,  performance 

Computer  Reseller  News 

Editor's  choice 

PC  Expert 

Five  stars  out  of  five 
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500  NE  Spanish  River  Blvd. 
Suite  201 

Boca  Raton,  FL  33431 
800-675-0729  Sales  &  Support 
561-391-6560 
561-391-5820  Fax 
info@CrossTecCorp.com 
www.NetOpUSA.com 


Moving  expertise  —  not  people™ 
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Beginning  this  month,  all  new  national  security  systems  must  pass  Common  Criteria  testing. 


NATIONAL  SECURITY  SYSTEMS  BY  ELLEN  M  E  S  S  M  E  R 


ttcomm 


■finds 


groun 


on’t  bother  dusting  off  that  little-used 
Orange  Book  before  dumping  it  in 
the  trash. The  federal  governments 
new  Common  Criteria  manual  for 
computer  security  evaluation  just 
arrived,  and  this  time  it  has  global 
backing  so  it  just  might  work. 

The  National  Security  Agency  (NSA)  has  ordered 
that,  as  of  this  month,  all  new  national  security  systems 
have  to  run  operating  systems,  applications,  firewalls 
and  other  security  equipment  that  have  passed  the 
stringent  testing  spelled  out  in  Common  Criteria. What’s 
more,  the  purchasing  mandate  may  be  expanded  to  in¬ 
clude  civilian  agency  purchases. 

Common  Criteria  marks  the  first  time  governments  around  the  world  have  united  in 
support  of  a  security  evaluation  program,  and  that  should  help  expedite  testing  and 
lower  costs,  problems  that  plagued  the  former  approach. 

“It  used  to  be  very  expensive  to  evaluate  products  under  the  Orange  Book  scheme,” 
says  Mary  Ann  Davidson,  chief  security  officer  at  Oracle,  the  first  database  vendor  to  win 
the  coveted  Common  Criteria  certification  for  its  products.“One  of  the  benefits  of  the 
Common  Criteria  is  the  mutual  recognition 
by  all  the  nations  involved.” 

That  means  that  the  15  countries  backing 
the  Common  Criteria  agree  to  accept  the  lab 
results  without  requiring  more  testing.“Com- 
mon  Criteria  is  good  for  us  because  it  makes 
us  build  better  products,”  Davidson  says. 

By  all  accounts,  the  NSAs  Orange  Book 
program,  in  which  the  NSA  forced  vendors 
through  prolonged  product  testing  at  Ft. 

Meade,  Md.,  was  a  dismal  failure.  And  the 
governments  failure  to  buy  Orange  Book 
tested  products,  which  were  often  out  of  date 
after  years  of  testing,  was  a  blow  to  vendors 
that  invested  huge  sums  in  Orange  Book 
evaluations  (see  story,  page  44). 

As  an  international  movement,  CC  has 

expanded  since  its  start  as  a  collaborative  effort  by  five  countries  in  1996.Today,  15 
nations  formally  recognize  Common  Criteria  and  two  dozen  labs  around  the  world  are 
accredited  to  perform  CC  evaluations.  Common  Criteria,  as  a  process,  has  been  canon¬ 
ized  as  an  ISO  standard. 

In  the  U.S.the  mandate  to  buy  CC-evaluated  products  stems  from  a  directive  issued 
two  years  ago  by  the  NSA. This  directive,  named  The  National  Security  Telecommuni¬ 
cations  Information  Systems  Policy  No.  1 1  (NSTlSP^l  1), primarily  affects  buying  habits  in 
the  Department  of  Defense.  But  civilian  agencies  and  outside  government  contractors 
that  process  sensitive  government  data  also  need  to  comply. 


“We  have  systems  at  Commerce  [Department]  and  the  State  Department  that  run 
national  security  systems,” says  Ron  Ross,  director  of  the  National  Information  Assur¬ 
ance  Partnership  (NIAP).  NIAP  is  the  collaborative  effort  by  the  NSA  and  the  National 
Institute  for  Standards  and  Technology  (NIST)  to  foster  U.S.  participation  in  the 
Common  Criteria  program. 

Products  that  need  to  meet  CC  requirements  include  databases,  operating  systems, 
firewalls,  biometrics  and  other  security  software  and  hardware,  including  smart  cards. 
About  75  products  have  received  CC  certification,  a  process  that  can  take  three  months 
to  more  than  a  year. 

The  OS  and  the  GG 

Ross  says  the  most  important  component  Common  Criteria  evaluates  is  the  operating 
system. The  ideal  situation,  he  notes,  would  be  to  have  a  CC-evaluated  security  product, 
such  as  a  firewall,  running  a  CC-evaluated  operating  system.  However,  there  are  a  limited 
number  of  CC-certified  operating  systems.  SGI  last  month  had  its  Trusted  IREX  6.5  and  its 
standard  IREX  6.5  operating  system  certified. 

“We’re  happy  to  hear  about  this,”  says  Mike  Clancy  chief  scientist  and  deputy  techni¬ 
cal  director  at  the  U.S.  Navy’s  Fleet  Numerical  Meteorology  and  Oceanography  Center  in 
Monterey,  Calif.,  which  uses  the  Trusted  IREX  server  in  its  computational  analysis  on 
weather  and  wave  heights.lf  Fleet  Numerical  wants  to  purchase  additional  Trusted  IREX 
servers,  there  won’t  be  a  problem  with  the  NST1SP#!  1  purchasing  directive. 

Much  of  what  Fleet  Numerical  does  for  the  Navy  Air  Force  and  intelligence  agencies 
is  unclassified.  But  because  a  portion  of  the  work  is  classified,  Fleet  Numerical  must 
abide  by  security  rules  that  prohibit  mixing  classified  and  unclassified  data.The  Trusted 
IREX  server,  which  has  multilevel  security  compartments,  lets  Fleet  Numerical  isolate  dif¬ 
ferent  types  of  data  on  the  same  server. 

While  it’s  not  clear  how  the  CC  mandate  will  be  policed,  the  issue  could  arise  during 
the  periodic  audits  done  by  the  Defense  Information  Systems  Agency  to  ensure  that 
proper  security  procedures  are  being  followed. 


“One  of  the  benefits  of  the 

Common  Criteria  is  the  mutual  recog¬ 
nition  by  all  the  nations  involved.” 

Mary  Ann  Davidson,  chief  security  officer,  Oracle 


Sun  has  had  two  versions  of  its  operating  system  CC-certified.  Solaris  8  was  certified 
at  the  Logica  lab  in  the  U.K.,as  was  a  “trusted”  version  with  strong  access  control,  security 
labels  and  software  compartmentalization. 

Those  evaluations,  which  required  a  year  each,  cost  Sun  hundreds  of  thousands  of 
dollars,  according  to  Solaris  product  line  manager  Mark  Thacker.  Sun  has  no  immediate 
plans  to  submit  Solaris  9  for  CC  evaluation. 

As  for  Microsoft.it  submitted  Windows  2000  for  evaluation  to  SAlC’s  lab  a  year  ago, 
but  there’s  been  no  announcement  on  CC  certification. 


See  Common  Criteria,  page  44 
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where  information  lives 

Business 

Continuity 

It’s  time  to  make  your  business  continuity  assets  work  harder  for  you.  With  EMC,  you  can  test 
and  deploy  new  applications,  shorten  or  eliminate  backup  windows,  or  load  and  refresh  data 

warehouses  more  frequently.  The  result:  your  data  is  better  protected  and  your  organization 
is  more  productive  every  day  of  the  year. 

Get  started  now  at  www.EMC.com/continuity 

EMC*  and  EMC  are  registered  trademarks  and  where  information  lives  is  a  trademark  of  EMC  Corporation.  ©2002  EMC  Corporation.  All  rights  reserved. 
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Federal  agencies  shopping  for  software  for  national  security  systems  can  ask  for  an 
NSA  waiver  to  avoid  the  CC  purchasing  mandate.  But  it’s  not  expected  to  be  easy  to  get 
one.  Ross  says.  On  the  other  hand,  he  says  the  NSA  probably  won’t  take  a  hard  line  if  a 
product  —  particularly  the  operating  system  —  is  in  the  evaluation  process. 

Software  vendors  that  have  invested  considerable  time  and  money  in  shepherding 
their  products  through  the  process  are  hoping  the  NSA  doesn't  grant  waivers  too  easily 

Security’s  seven  virtues 

Oracle  has  had  its  7, 8,  and  8i  database  products  evaluated  and  certified  at  the 
Logica  lab  in  the  U.K., which  examined  the  source  code  to  ensure  that  access  control 
and  encryption  worked  as  advertised.  An  option  for  these  databases,  called  Oracle 
Labeled  Security  Release  8. 1.7,  adds  a  way  to  label  data  for  security  purposes  and  is 
under  review. 

“It  cost  hundreds  of  thousands  to  a  million  dollars  per  product  to  do  CC  evalua¬ 
tion,”  Davidson  says.“We’re  the  first  database  vendor  to  achieve  it.”There  are  seven  des¬ 
ignated  grades  of  Evaluation  Assurance  Level  and  Oracle  has  targeted  EAL4  for  all  its 
products  so  far.  EAL1  is  the  lowest  and  EAL7  the  highest. 

Although  complex  to  decipher,  the  EAL  scheme  basically  says  EAL1  is  appropriate 
when  requirements  for  security  are  “not  serious.”  EAL2  ups  the  ante  in  asking  the  prod¬ 
uct  developer  for  design  information  and  testing  “consistent  with  good  commercial 
practice.”  At  EAL3,the  product  is  going  to  be  “methodically  tested  and  checked”  in  a 
CC-accredited  lab  in  a  search  “for  obvious  vulnerabilities.” 

At  EAL4  —  described  as  “the  highest  level  at  which  it 
is  likely  to  be  economically  feasible  to  retrofit  to  an 
existing  application” —  the  source  code  is  examined, 


and  the  vendor  has  to  be  prepared  to  “incur  additional  security- 
specific  engineering.” 

EAL4,the  highest  CC  certification  level  doled  out  for  the  75 
products  tested  to  date,  is  the  highest  level  that’s  recognized  by 
all  CC  country  signatories.  Above  that,  vendors  are  likely  to  see 
specific  demands  from  individual  countries. 

“Over  EAL4  would  be  horribly  expensive,” says  Don  Davis, 
chief  architect  of  trusted  technologies  at  Veridian.the  San 
Antonio, Texas, systems  integrator  that  develops  customized 
secure  email  and  database  applications  for  the  Depart¬ 
ment  of  Defense. 

The  Common  Criteria  describes  EAL7  as  being  for 
applications  in  “extremely  high  risk  situations  where  the 
high  value  of  the  assets  justifies  the  higher  costs.” 

This  April,  Secure  Computing  received  EAL4  for 
the  Gauntlet  firewall  (purchased  from  Network  Asso¬ 
ciates)  after  a  review  that  took  more  than  a  year  in 
CSC  lab  in  Australia,  says  product  marketing  man¬ 
ager  Jason  Lamar. 

Why  a  lab  in  Australia?  Lamar  says  Secure 
Computing  had  business  opportunities  there  and 
the  Australian  government  tends  to  have  its  own 
demands  related  to  CC. 


BELTWAY 
CONFIDENTIAL 

The  Common  Criteria  for 
evaluating  information  sys¬ 
tem  security  is  enshrined 
as  the  international  stan¬ 
dard  ISO/IEC  15408.  The 
global  community  backing 
Common  Criteria  meets  each 
year  at  the  International 
Common  Criteria  Conference  to 
discuss  the  standard's  develop¬ 
ment,  the  accredited  labs  and 
emerging  products. 


Orange  Book 


Before  the  arrival  of  Common  Criteria,  the 
Department  of  Defense  and  National 
Security  Agency  demanded  products  con¬ 
form  to  the  "Orange  Book”  criteria,  so-called 
because  the  security  evaluation  guidelines 
had  an  orange  cover. 

Dozens  of  vendors,  including  Sun,  Oracle,  DEC,  Novell  and  SGI, 
dutifully  went  through  years  of  Orange  Book  testing  in  the  late  1980s  and  early  1990s 
to  obtain  ratings  such  as“C2”and  “Bl”,  which  designate  lower  and  higher  security  lev¬ 
els.  An  executive  order  in  1990  from  President  Ronald  Reagan  said  government  com¬ 
puter  systems  storing  sensitive  data  would  have  to  be  C2-equivalent  by  1992.  A  com¬ 
monly  heard  rallying  cry  at  that  time  became  “C2  by  ’92!” 

But  by  all  accounts,  that  never  happened.The  government  never  purchased  enough 
Orange  Book-certified  products  to  justify  the  amount  of  money  the  IT  industry 
poured  into  having  their  products  certified. 

Many  reasons  have  been  given  for  this  over  the  years.  Military  IT  departments  some¬ 
times  admitted  they  found  trusted  systems  too  complex  or  expensive.  But  clearly,  a 
main  problem  was  that  it  typically  took  two  to  five  years  or  more  to  test  one  product. 
In  the  fast-paced  IT  industry;  changes  rendered  these  Orange  Book-certified  products 
obsolete  by  the  time  testing  was  done. 

“The  reason  the  testing  took  so  long  was  that  NSA  did  the  testing,” says  Gartner  ana¬ 
lyst  John  Pescatore,  who  worked  for  NSA  in  the  Orange  Book  era. “That’s  how  the 
National  Information  Assurance  Partnership  [N1AP]  started  up, so  you  won’t  have  to 
do  this  with  the  government.” 

The  U.S.  government  agreed  it  was  time  to  turn  this  job  over  to  accredited  commer¬ 
cial  labs  around  the  world. 

NIARa  joint  effort  between  NSA  and  the  National  Institute  of  Standards  and 
Technology,  has  played  a  key  role  in  fostering  the  international  Common  Criteria 
security  evaluation  program,  which  was  launched  in  1996  with  the  U.K.,  Germany, 
France  and  the  Netherlands. The  countries  backing  the  effort  has  since  grown  to 
include  Australia,  New  Zealand,  Canada,  Finland,  Greece,  Israel,  Italy,  Norway,  Spain 
and  Sweden. 

—  Ellen  Messmer 


An  uncommon  criteria? 

Several  vendors  say  the  Australian  government  prefers  to  have  CC  product 
testing  done  in  CC  labs  with  so-called  protection  profiles  defined  by  Australia. 
There  are  numerous  of  these  protection  profiles  —  which  are  sometimes 
created  by  the  vendor  and  sometimes  standard  under  the  CC  pro¬ 
gram  —  for  each  product  category. The  profiles  get  to  the  meat  of 
what  a  product  promises  to  do.  For  instance,  Sun  Solaris  8  and  Trusted 
Solaris  received  EAL4  certification.  But  the  protection  profiles  for 
Trusted  Solaris  are  more  demanding. 

“There’s  only  controlled  access  described  for  Solaris  8,”  Sun’s 
Thacker  says.“But  there’s  role-based  access  protection  defined  in  the 
Label  Security  Protection  Profile.  Unfortunately,  the  way  the  informa¬ 
tion  is  presented  on  the  Common  Criteria  Web  sites,  they  highlight  the 
EAL  level  not  the  protection  profile.” 

But  profile  preferences  have  some  vendors  saying  CC  has  a 
ways  to  go  to  become  fully  adopted  as  an  international  software 
testing  program. 

“Our  protection  profiles  were  accepted  in  the  U.S.  and  Canada, 
and  generally  in  the  U.K.,but  not  in  Australia,” says  Gary  Moore, 
senior  architect  for  global  governments  at  Entrust,  which  has  had  its 
Entrust  Authority  5.1  public-key  infrastructure  suite  evaluated  in  the 
Syntegra  lab  in  the  U.K.  at  EAL3.The  governments  of  Britain  and 
Australia  specifically  state  a  preference  for  homegrown  protection 
profiles,  he  says. 

“There’s  still  a  country-by-country  approval,  which  is  a  major  issue,” 
Moore  says. The  time  needed  to  get  through  the  entire  process  is  caus¬ 
ing  Entrust  to  submit  upcoming  products  for  testing  even  before 
they’re  generally  available. 

Despite  the  costs  and  obstacles,  vendors  are  proud  to  have  made  it 
through  the  testing  and  hope  it  will  give  them  a  competitive  edge  in 
the  government  market.  Although  a  year  sounds  like  a  long  time  to 
have  a  product  undergo  testing,  observers  note  this  is  faster  than 
Orange  Book  testing. 

“It  typically  took  NSA  over  two  years  to  do  this  testing,  and  that’s 
why  N1AP  started  up, so  you  wouldn’t  have  to  do  this  with  the  govern¬ 
ment,”  says  Gartner  analyst  John  Pescatore. 

Common  Criteria  is  no  silver  bullet,  because  security  experts  might 
discover  new  holes  in  CC-evaluated  products  (this  occurred  with 
Solaris  8  a  month  ago). “Common  Criteria  is  better  than  nothing,” 
Pescatore  says.“But  it  doesn’t  replace  vulnerability  testing.” 

CC  is  a  process  in  motion,  and  in  the  U.S.  there’s  talk  about  expand¬ 
ing  purchasing  mandates  and  testing  to  equipment  not  yet  included, 
such  as  intrusion-detection  systems.  NIAP  director  Ross  says  NIST  and 
NSA  are  considering  whether  to  have  protection  profiles  for  Web 
browsers.  And  he’s  working  on  a  set  of  unified  federal  guidelines  for 
use  of  CC. 

“After  Sept.  1 1,  there’s  been  interest  in  making  Common  Criteria 
mandatory  for  all  agencies,”  Gartner’s  Pescatore  says.  ■ 
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Blistering  acceleration. 
Easy  to  manage. 


Meet  The  Alteon 
Security  Cluster. 

Who  says  you  need  to  trade  off  network  security  to  get  better  network 
performance?  With  the  award-winning  Nortel  Networks™  Alteon™ 
Security  Cluster,  you  can  turboboost  your  network  with  a  multigigabit 
per  second  acceleration  platform  that’s  scalable  and  incredibly  easy  to 
manage  and  deploy.  There  are  many  powerful  security  applications  to 
the  cluster.  To  begin  with,  the  Alteon  Switched  Firewall  provides  up  to 
3.2  Gbps  throughput  and  500,000  concurrent  sessions.  And  the  Alteon 
SSL  Accelerator  proved  its  transaction 


Network  Computing 

per  second  power  in  real-life  testinq 

Editor's  Choice* 

and  garnered  the  Editor's  Choice 

award  from  Network  Computing  magazine  for  being  the  best 
performing,  best  featured  and  best  priced  product  on  the  market.  Our 
complete  line  of  L4-7  switching  and  application  products  gets  rave 
reviews  from  the  industry.  So,  if  you  want  to  maximize  return  on  your 
capital  investment  and  boost  your  network  to  new  levels  of 
performance,  we  can  help  you  do  it  with  blistering  acceleration.  To  learn 
more,  visit  nortelnetworks.com/alteonsecurity. 


Metro  &  Enterprise  Networks 


Optical  Long  Haul  Networks 


Wireless  Networks 


Nortel  Networks,  the  Nortel  Networks  logo,  the  Globemark  and  Alteon  are  all  trademarks  of  Nortel  Networks.  ©2002  Nortel  Networks 
All  rights  reserved.  ‘Network  Computing.  June  11, 2001. 
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Challenge  is  getting  communications  systems  to  speak  the  same  language. 


WIRELESS  COfinUNICATIONS 


BY  JENNIFER  HEARS 


Homeland 
defense 
looks  to 


trunked  800-MHz  radio  system. 

But  as  the  scope  of  the  disaster  became 
apparent  and  reinforcements  from  state  and 
federal  agencies  arrived  on  the  scene,  inter¬ 
operability  problems  arose  because  these 
agencies  operated  on  different  frequencies,  and  commu¬ 
nications  couldn’t  pass  from  one  system  to  another. 

“9/1 1  has  become  an  opportunity  for  people  to  understand  how  important  things 
like  integrated  technology  really  are,” says  Sean  Kirkendall,  director  of  public  affairs  at 
PSComm.a  consultancy  focusing  on  public-sector  technologies. 

The  problem  is  not  new.  Emergency  workers  faced  interoperability  woes  at  the 
Oklahoma  City  bombing,  the  Columbine  High  School  shootings  and  other  disasters. 

But  in  the  aftermath  of  Sept.  1 1,  there  is  more  muscle  and  more  money  directed  at 
the  problem.  In  fact,  the  need  to  deploy  more  efficient  communications  infrastructure 
among  first  responders  nationwide  has  become  a  federal  priority 

The  Federal  Emergency  Management  Agency  (FEMA)  is  slated  to  get  about  $3.5 
billion  in  the  proposed  2003  to  help  state  and  local  governments  better  equip  them¬ 
selves  against  terrorist  attacks.  Much  of  that  money  will  be  doled  out  in  grants  to  help 
those  agencies  set  up  secure  and  interoperable  communications  systems. 

That's  a  task  being  headed  by  FEMA  CIO  Ron  Miller,  who  has  been  meeting  with  state 
and  local  government  officials  and  industry  members  as  he  fashions  criteria,  standards 
and  guidelines  to  use  when  granting  funds  for  communications  projects.  No  specific 
technologies  have  been  settled  on  yet,  but  Miller  says  he  hopes  to  have  guidelines  in 
place  by  year-end. 

"We  think  it  would  be  a  mistake  to  settle  on  a  specific  technology  right  now  because 
we  haven't  evaluated  all  the  solutions,”  he  says.“ln  the  best  of  all  possible  worlds,  every¬ 
body  would  have  compatible  radios,  and  networks  would  be  integrated.  But  that’s  not  the 
way  the  world  is  right  now” 


First  responders  at  the 
Pentagon  were  able  to 
communicate  over  a 
trunked  wireless  radio 
system. 


First  step  is  bridging  __ _ _  _ 

Miller  says  FEMA  initially  ««» ««■«■. uft  ar  photo, wm  morris. 

J  J  AP  PHOTO/RON  EDMONDS.  U  S.  NAVY  PHOTO  BY  MARK  FARAM 

wants  to  use  bridging  tech¬ 
nologies  to  help  agencies  integrate  disparate  networks.  As  Mike  Worthington,  general 
manager  of  Safety  and  Security  Solutions  at  Motorola, says, “Right  now,  we  think  there  are 
$40  billion  to  $50  billion  worth  of  radio  networks  that  have  been  installed  that  just  can¬ 
not  be  thrown  away  overnight.” 

PSComm  says  EMA  is  taking  the  right  approach  by  advocating  bridging  as  an  initial 
response. “There  are  technologies  being  used  right  now  that  allow  for  patching  that  can 
be  implemented  very  quickly  and  cheaper  than  an  800Mhz  build-up  or  something  along 
those  lines,”  Kirkendall  says. 

John  Cohen,  president  and  CEO  of  PSComm,  points  to  a  project  underway  in 
Maryland,  where  state  police  communications  centers  are  being  linked  by  an  ACU-1000 
radio  interconnect  device  manufactured  by  JPS  Communications. The  ACU-1000  can 
interconnect  disparate  systems  including  high-frequency  radios,  land  mobile  radios  on 
various  frequencies,  cellular,  wireline  and  satellite  communications. 

Other  areas  FEMA  should  look  at  are  helping  agencies  set  up  wireless  data 
networks  and  providing  the  middleware  so  responders  on  the  scene  can  link  into  legacy 
data  information,  Cohen  says.  Miller  says  other  technologies  he’s  looking  at  include  satel¬ 
lite  networks,  allocating  spectrum  for  public  safety  emergencies  and  setting  up  priority 
access  on  public  cellular  networks. 

When  purchasing  new  equipment,  Miller  says  FEMA  will  issue  standards  that  give 
agencies  flexibility  when  it  comes  to  the  communications  systems  they  must  deploy 

See  Wireless,  page  48 


oments  after  American 
Airlines  Flight  77  crashed 
into  the  Pentagon,  emer¬ 
gency  workers  from 
around  Arlington, Va., 
were  on  the  scene. 
Thanks  to  a  mutual 
aid  agreement,  fire, 

police  and  emergency  medical  personnel,  the 
so-called  first  responders,  could  communicate 
via  handheld  radios  and  other  devices  over  a 
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Public  safety  officials  have 
trouble  communicating  in 
operational  situations  one- 
third  of  the  time.  j 
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You're  an  IT  professional,  not  the  Internet  police. 


Give  the  cop  routine  a  rest.  Manage,  don't  just  monitor  corporate  Internet  activity  with  Websense  Enterprise  Web  filtering 
software.  No  more  watching  over  shoulders  or  online  patrolling.  Websense  puts  the  highest  quality,  leak-free  database  to  work 
for  you.  It's  more  accurate,  reliable  and  comprehensive  with  automated  daily  updates,  including  more  than  5,000  site  additions 
per  day.  That's  why  more  than  half  the  Fortune  500  trust  Websense  to  manage  employee  online  activity.  You  can  too. 
Get  Websense.  And  save  your  badge  for  when  you  really  need  it. 


Stop  by  www.websense.com  today  for  your  free,  fully  functional  30-day  trial. 


EMPLOYEE  INTERNET  MANAGEMENT 

NASDAQ:  UBSN 


WEBSENSE  INTEGRATES  WITH  LEADING  INFRASTRUCTURE  SOLUTIONS  SUCH  AS: 


^  Verified  C2  Software  Technologies  Ltd.  Inktomi*  Af/C/USO//  NetworkAppliance'  NET  SCREEN'  SONICWALL 
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Continued  from  page  46 

“The  guidelines  will  not  mandate  a 
specific  manufacturer’s  solution,  but  it  will 
set  parameters  under  which  manufactur¬ 
ers  can  build  systems  ...  as  long  as  they 
have  the  capability  on  the  public  safety 


side  to  interoperate,”  he  says.“That  way 
[government  agencies]  can  choose  based 
on  price,  flexibility  features  or  whatever 
else  they  need.” 

Vendors  seem  to  agree.  For  example, 
Motorola  and  Symbol  Technologies  say 
they  are  committed  to  open  standards. 
Motorola  manufactures  radio  systems  that 
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comply  with  standards  developed  by  the 
Association  of  Public  Safety  Communi¬ 
cations  Officials  that  let  disparate  radio 
systems  communicate. 

States  take  the  lead 

In  the  meantime,  states  and  local  agen¬ 
cies  haven’t  been  idle.  Many  states  began 
overhaul  projects  long  before  Sept.  11. 

In  1998,  the  deadliest  tornado  in  South 
Dakota’s  history  hit  the  small  town  of 
Spencer,  about  45  miles  west  of  Sioux 
Falls.  At  that  time,  South  Dakota  emer¬ 
gency  agencies  were  operating  with  a 
hodgepodge  of  radio  systems. 

“The  governor  was  one  of  the  first  to 
arrive  on  the  scene,  and  as  [emergency 
personnel]  came  from  50,60,80  miles 
away  from  every  direction,  what  he  saw 
was  nobody  could  talk  with  anybody’ says 
Otto  Doll,  commissioner  of  the  Bureau  of 
Information  and  Telecommunications  in 
South  Dakota. 

The  trouble  was  the  agencies  were  all 
operating  on  different  frequencies.“Feople 
were  coming  in  with  lowband  39  MHz,  800 
MHz,  150  MHz,  450  MHz.  Some  of  them 
were  analog.  And  heaven  help  you  if  you 


wanted  to  send  any  data,”  Doll  says. 

After  that,  South  Dakota  Gov.  William 
Janklow  made  it  a  priority  to  set  up  an 
interoperable  communications  system 
for  all  agencies  within  the  state.  South 
Dakota  is  now  in  the  process  of  transi¬ 
tioning  to  a  150-MHz  digital  trunked  net¬ 
work,  Doll  says. 

He  says  he’s  hoping  to  get  money  from 
FEMA  to  help  expand  the  program.  He’s 
also  encouraging  neighboring  states  to 
adopt  the  same  frequency  so  that  interop¬ 
erability  can  cross  state  lines. 

But  it’s  no  easy  task.  Any  net  manager 
knows  the  challenge  in  unifying  com¬ 
munications  among  legacy  departments 
or  bringing  systems  into  compatibility 
after  a  merger.  Imagine  doing  that  for 
hundreds,  maybe  thousands  of  disparate 
systems. 

Ray  Bjorklund.vice  president  of  con¬ 
sulting  services  at  Federal  Sources,  a  mar¬ 
ket  intelligence  firm  focusing  on  public- 
sector  IT  says  bluntly:“Ron’s  [Miller]  got 
his  work  cut  out  for  him.” 

Network  World  Events  Editor  Sandra  Gittlen 
contributed  to  this  story. 


WIRELESS  STANDARDS 


Pennsylvania  agencies 

standardize  on  800MHz 

For  the  past  five  years,  Pennsylvania  has  been  upgrading  the  communica¬ 
tions  systems  state  agencies  use,  with  the  goal  of  making  the  systems  inter¬ 
operable.  On  Sept.  1 1,  after  a  plane  crashed  into  a  field  southeast  of  Pitts¬ 
burgh,  it  became  frighteningly  clear  how  valuable  the  new  system  will  be. 

“I  was  in  the  emergency  operations  center  shortly  after  the  incident  in 
New  York  and  was  there  most  of  the  night.  I  think  everyone  at  that  point 
was  stressing  the  importance  this  system  will  have 
going  forward,” says  state  CIO  Charlie  Gerhards. 

Like  most  states,  Pennsylvania’s  system  of  radio  com¬ 
munication  had  developed  in  departmental  silos,  with 
a  range  of  frequencies  and  technologies  that  made 
communication  across  departments  nearly  impossible. 

In  1996,  then-Gov. Tom  Ridge  saw  an  opportunity  to  cre¬ 
ate  a  unified  system.  About  $222  million  has  been  allo¬ 
cated  for  planning  and  construction  of  the  system. 

The  state  settled  on  an  800-MHz  digital  trunked  net¬ 
work  using  radio  technology  from  M/A-COM,a  division 
of  Tyco  Electronics.The  software-based  radio  system, 
called  Open  Sky,  uses  technology  based  on  TCP/IP  and  cellular  digital 
packet  data  (CDPD),a  data  transfer  technology  that  moves  packets  at 
speeds  up  to  19.2K  bit/sec. 

Alcatel’s  microwave  technology  is  being  used  to  link  250  radio  towers 
across  the  state  into  a  comprehensive  network,  a  spokesman  says.The  sys¬ 
tem  will  support  25,000  users,  but  is  designed  to  handle  more  than 
100,000,  the  state  says.The  radio  channel  bandwidth  is  20  KHz. 

Because  it  is  IP-based,  the  Open  Sky  system  can  carry  not  only  voice, 
but  also  data.That  means  responders  in  the  field  can  link  into  legacy 
mainframes  and  other  information  sources,  if  necessary, Gerhards  says. 

The  system  also  can  incorporate  global  positioning  system  capabilities 
and  will  provide  encryption  for  secure  communications. 

Pennsylvania  now  has  about  500  state  police  vehicles  equipped  with 
the  Open  Sky  system  and  expects  to  have  the  system  rolled  out  to  about 
25%  of  the  state  agencies  by  the  end  of  the  summer.  Final  rollout  is 
expected  to  be  completed  by  year-end. 

—  Jennifer  Mears 


Former  Gov.  Tom 
Ridge  launched  an 
upgrade  In  1996. 
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An  hour  with  Anthony  Montemarano 


INTERVIEW 


BY  CAROLYN  DUFFY  (1ARSAN 


^  V-  ' 


he  Defense  Information  Systems 
Network  —  the  Defense  Depart¬ 
ment’s  primary  transport  mecha¬ 
nism  for  voice,  data  and  video  — 
is  one  of  the  world’s  largest  and 
most  complex  networks,  with  a 
budget  of  $750  million  per  year  for 
terrestrial  service.  Even  though  it  carries  top-secret 
communications  from  the  battlefields  to  the  White 
House,  DISN  is  built  almost  entirely  of  commercial 
offerings.  Anthony  Montemarano,  principal  director 
for  network  services  at  the  Defense  Information 
Systems  Agency,  spoke  recently  with  Network  World 
Senior  Editor  Carolyn  Duffy  Marsan  about  DISN’s 
usage  since  Sept.  1 1  and  why  it’s  important  to  couple 
network  management  and  security.  Here’s  an  edited 
version  of  the  discussion: 


What  are  the  responsibilities  of  the  DISA's  network  services  group 
you  lead? 

Network  services  basically  provides  system  management  for  communications  solu¬ 
tions  and  communications  networks  supporting  the  Department  of  Defense.  We  do  the 
programming,  planning,  developing  and  provide  back-up  operational  support. We  don’t 
necessarily  watch  the  networks  ourselves:  Our  operations  directorate  does  that.  We  pro¬ 
vide  the  support  from  the  systems  perspective,  the  engineering  perspective. 

Describe  the  scale  of  DISN. 

DISN  is  a  series  of  networks.  We  have  unclassified  and  classified  data,  voice  and  video 
networks,  and  then  supporting  those  we  have  transmission  infrastructures.These  vari¬ 
ous  functional  networks  ride  upon  transport  derived  primarily  —  well  in  excess  of  90% 
—  from  the  commercial  environment. 

Worldwide,  we  span  from  as  far  west  as  Singapore  to  as  far  east  as  Bahrain.  Generally 


speaking,  were  in  the  middle  belt  of  the  Earth. We  don’t  go  into  South  America  and 
Africa.  We ’re  primarily  in  Europe,  North  America,  the  Far  East,  Korea,  Japan,  etc.  That’s  all 
fixed  infrastructure.  And  then,  of  course,  we  have  these  tactical  entry  points  or  teleports 
that  can  reach  into  the  tactical  environments  to  exploit  [government-owned]  ...and 
commercial  satellites. 

If  you’re  talking  in  terms  of  people  using  DISN,  we’re  in  the  millions.  In  terms  of  ser¬ 
vices  provided,  we  have  some  3,500  separate  data  connections,  whether  classified  or 
unclassified.  When  we  provide  a  connection  . . .  we  provide  circuit  access.  Behind  that 
circuit  access,  there  could  be  10  users  or  100  users  or  1,000  users. 

We  have  numerous  carriers.  In  the  continental  United  States  we  have  AT&T,  World¬ 
Com  and  Sprint,  primarily,  but  Qwest  is  in  there  as  well  as  the  various  [local  exchange 
carriers].  We  get  extensive  support  from  Verizon,  PacBell,  etc.  So  we  use  all  the  commer¬ 
cial  carriers. There  are  very  few  places  where  the  government  actually  owns  the  wire 
or  the  microwave.  In  Europe,  we  have  a  microwave  system  called  the  Digital  European 
Backbone. The  government  owns  that. 


How  much  data  traffic  does  DISN  carry,  and  what  growth  rates  are 
you  seeing? 

We  have  two  methods  of  supporting  data  traffic.  First  we  provide  point-to-point  cir¬ 
cuits  to  various  users.  And  I’d  be  hard-pressed  to  tell  you  how  much  of  that  is  data 
because  the  user  could  pass  data  or  voice  over  it.  We  just  provide  the  circuit.  But  we 
know  much  of  it  is  data. Then  we  have  IP  networks.  On  the  unclassified  side,  we  have 
1,500  [connections]  with  an  aggregate  bandwidth  of  some  5,100  megabits  per  sec¬ 
ond. On  the  classified  side,  we’re  running  about  1,615  megabits  per  second  for  about 
1,000  connections. 

Over  a  one-year  period,  [we’ve  seen  a]  25%  increase  in  unclassified  data  while  clas¬ 
sified  data  has  almost  tripled.  But  understand  that  during  the  last  year  we  had  some¬ 
thing  called  9/1 1.  We ’re  finding  that  the  classified  side  is  expanding  in  its  utilization  [of 
DISN],  Prior  to  9/11,1  ran  about  75  to  100  video  teleconferences  a  day  and  about  two 
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classified  video  teleconferences  a  day  After  9/1 1,  we  were  doing  upwards  of  30  to  45 
classified  video  teleconferences  a  day  so  you  can  see  a  shift  as  a  result  of  the  trauma 

of  9/11. 

How  critical  is  DISH  to  the  Department  of  Defense’s  enterprise  archi¬ 
tecture,  which  is  called  the  Global  Information  Grid? 

The  DISN  makes  up  the  communications  component  of  the  Global  Information 
Grid.  As  people  design  their  infrastructures, by  and  large  . .  .they’ll  be  designing  to 
ride  on  the  DISN.  From  that  perspective.  I’d  say  it’s  absolutely  critical. 

One  of  the  most  important  things  about  DISN  is  that  if  you  know  where  your  infra¬ 
structure  is  and  you  can  see  your  infrastructure, you  can  manage  your  way  through 
problems.  You 're  always  going  to  have  problems.  If  you  have  10  wires, 
one  of  them  is  going  to  break. The  challenge  is  responding  to  that 
and  managing  your  way  through  it.This  becomes  particularly  impor¬ 
tant  . . .  [because]  we  no  longer  have  to  deal  with  only  outages  from 
disturbances.  Now  security  or  information  assurance  has  become  a 
major  factor. 

With  the  cyberthreats, you've  aggravated  your  network  manage¬ 
ment  problem.  It’s  not  a  matter  of  whether  a  card  has  failed.You 
have  to  see  if  there’s  a  possibility  that  someone  came  in  and  was 
able  to  reach  that  card  and  make  it  fail.  Or  is  somebody  overload¬ 
ing  that  card  with  traffic.  So  what’s  critical  is  that  when  you  deal 
with  the  cyber  threats  today  you  have  the  ability  to  see  what  you 
have  out  there  and  to  be  able  to,  if  you  will,  fight  the  network. 

During  the  9/1 1  event . . .  we  immediately  showed  our  infrastruc¬ 
ture  to  the  decision-makers  and  said: ‘This  is  what  you  have  and 
don’t  have,  and  this  is  what’s  in  jeopardy1  It  turns  out  we  didn’t  get 
hit  per  se,  but  we  had  to  move  some  of  our  infrastructure  in  that 
component  of  [the  Pentagon]  because  it  was  in  jeopardy  Because 
we  could  see  it  and  we  knew  what  it  was,  we  could  manage  it.  We 
knew  how  much  trouble  it  was  in  and  we  could  manipulate  it.  As  a 
result,  we  had  very  little  impact  to  our  infrastructure.  Nobody  lost  service. 

From  your  experience  with  DISN,  what  advice  can  you  offer  about 
managing  large,  complex  networks? 

What  we’ve  done  is  take  our  network  management  tools  and  focused  them  in  a 
central,  global  network  operations  security  center  and  then  sat  our  security  tools 
right  next  to  them. The  Department  of  Defense’s  security  structure  has  a  joint  task 
force  with  computer  network  operations. They  sit  side  by  side.  So  when  we  deal  with 
network  infrastructure  challenges  . . .  not  only  do  we  have  the  guy  or  gal  that  under¬ 
stands  the  boxes  out  there  and  the  manner  in  which  [the  network  components] 
might  fail,  we  have  people  that  understand  security  and  the  potential  for  attacks  that 
are  being  waged.  And  we  have  the  various  sensors  and  the  like  that  we  deploy  That 
synergy  is  absolutely  incredible.  It  was  effective  during  the  Code  Red  attack. 

My  advice  to  corporate  network  managers  is,  if  he  doesn’t  have  his  information 
assurance  folks  or  his  security  folks  sitting  side-by-side  with  his  network  operations 
then  he’s  missing  the  mark.  Especially  if  he’s  in  any  way  dependent  on  the  Internet 
for  business  because  that,  of  course,  is  the  primary  path  by  which  attacks  can  be 
made.  Cyber  attacks  are  sinister.  When  your  packet  loss  begins  to  rise,  it  normally 
doesn’t  show  up  on  a  screen. The  screen’s  still  green,  but  the  fact  is  there’s  packet  loss, 
and  the  user  is  failing  to  get  the  traffic  through. That’s  not  obvious.  Performance  man¬ 
agement  and  network  management  have  to  be  one. 


One  of  the  largest  challenges  we  have,  which  I  would  argue  anybody  would  have, 
is  configuration  management.  As  much  as  you  try  to  do  it, you  don’t  get  it  right  and 
you  always  have  these  weaknesses.  Configuration  management  and  troubleshooting 
are  dependent  on  databases,  and  databases  are  always  rife  with  challenges,  errors 
and  the  like.  We’ve  deployed  an  integrated  network  management  system  that  has 
helped  us  see  across  layers  from  the  functional  layer  to  the  physical  layer.  But  in 
helping  it  also  magnified  the  configuration  management  challenge  because  it’s  re¬ 
liant  on  the  configuration  management  processes  of  an  IP  infrastructure  and  a  voice 
infrastructure.  Well, you  think  those  two  configuration  management  databases  were 
built  the  same  way?  Of  course  not, so  we’re  trying  to  bring  them  together. 


“My  advice  to  corporate  network 
managers  is,  if  he  doesn’t  have  his 
information  assurance  folks  or  his 
security  folks  sitting  side-by-side 
with  his  network  operations  then 
he’s  missing  the  mark.” 


How  has  your  view  of  managing  the  Department  of  Defense’s  network 
infrastructure  changed  since  Sept.  11? 

For  us,  the  war  is  still  on.  We  feel  very,  very  strongly  and  consequently  we  are  enor¬ 
mously  focused  on  the  battlefield  and  our  support  for  the  battlefield.  So  post-9/1 1 , 
the  fact  of  the  matter  is  our  operators,  our  network  managers,  our  provisioning  pro¬ 
cesses  —  all  are  focused  with  much  greater  intensity  on  supporting  what  is  in  South¬ 
west  Asia.  Being  extra  sensitive  to  any  anomalies  that  are  detected  so  as  to  respond 
quickly. That’s  probably  the  main  change. 

What  lessons  have  you  learned  about  DISN  in  the  ongoing  Afghanistan 
operation?  And  how  might  DISN  change  in  response? 

Because  of  our  bandwidth  increase  going  into  Southwest  Asia,  we’re  heavily  de¬ 
pendent  on  commercial  satellite  solutions.  So  our  ability  to  get  transponders  quickly 
has  served  us  well.  An  after-action  report  is  going  to  be:  As  soon  as  you  smell  any¬ 
thing  happening,  go  after  transponders.  We’ve  been  able  to  get  the  capacity  we’ve 
needed,  but  of  course  this  is  an  extremely  expensive  proposition  for  us. 

We  also  validated  that  video  teleconferencing  is  a  command  and  control  system.  It 
is  not  administrative  in  any  sense  of  the  word. The  services  and  agencies  have  come  to 
grips  with  the  fact  that  sitting  there,  seeing  somebody  seeing  their  body  language  is 
almost  as  important  as  hearing  their  words.  ■ 


What  do  you  see  as  the  most  promising  network 
technologies  on  the  horizon  for  DISA  and  why? 

Convergence  technologies  that  allow  us  to  bring  voice, 
data  and  video  together.  We’re  converging  at  the  desktop, 
and  we  in  the  wide  area  can’t  avoid  that.  We  also  have  to 
deal  with  the  cultural  challenges  —  not  only  the  technical 
challenges  —  of  bringing  voice  and  video  together  in  the 
wide  area  because  the  engineers  and  operators  look  at 
different  things,  manage  it  differently  and  are  not  sensitive 
to  each  other’s  needs.The  data  world  has  gone  to  extraor¬ 
dinary  extremes  to  deal  with  security  Voice  has  never  had 
to  do  that.  It’s  just  so  easy  from  a  PC  at  home  to  do  some¬ 
thing  to  a  data  environment,  whereas  you  had  to  be  a  little 
more  sophisticated  to  take  a  shot  at  a  5ESS.  So  coming  to 
grips  with  that  and  getting  the  two  cultures  to  deal  with 
each  other  is  a  challenge. 
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A  retired  naval  aviator,  he  joined  the  Defense  Communications 
Agency,  later  renamed  DISA,  in  1989.  In  1991,  he  was  a  sector 
leader  of  the  DoD  DataTask  Force  that  formulated  the  concept 
forthe  DISN.  He  helped  deploy  the  Secret  Internet  Protocol  Router 
Network,  a  classified  government  intranet,  and  its  unclassified 
counterpart  called  NIPRNET. 

Education:  Bachelor's  degree  in  Aerospace  Engineering  from  Polytechnic  Institute  of  Brooklyn,’ 
Master’s  degree  in  Systems  Management  from  University  of  Southern  California 


What  do  you  see  as  DISA's  major  challenges 
related  to  its  network  infrastructure,  and  how 
are  you  addressing  these  challenges? 


Go  online  forthe  unabridged  version  of  Montemarano's  Q&A.  www.nwfusion.com,  DocFinder:  1130 
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Web  shutdown  cripples  Department  of  the  Interior. 


'NET  DISRUPTION  BY  JOHN  FONTANA 


arly  in  November  last  year  Mike  Miller, 
— I  the  chief  of  financial  management  for 
the  Minerals  Management  Service 
bureau  within  the  U.S.  Department  of 
the  Interior,  began  basking  in  the  glow 
of  the  bureau  s  new  Internet-based 
accounting  system. 

The  glow  quickly  faded  to  gloom. 

A  month  later,  the  system,  designed  to  audit  and  track 
$300  million  worth  of  oil,  gas  and  coal  royalties  and 
land  rental  fees  collected  and  dispersed  by  the  bureau 
each  month,  was  disconnected  from  the  Internet  under 
court  order.  After  18  months  creating  the  new  system, 
online  operations  at  MMS  ceased. 

“We  reorganized  our  processes  and  computerized  our  accounting  system  to  be 
totally  reliant  on  the  Internet,”  Miller  says.“Everyone  from  outside  [the  bureau]  has  to 
come  in  through  that  portal."  MMS  was  offline  for  four  months,  costing  the  bureau 
untold  millions,  including  $3  million  alone  for  consultants  who  stood  around  until  the 


Internet  link  was  restored. 

The  most  frustrating  issue  was  that  MMS  was  knocked  offline  not  by  its  own  actions, 
but  as  part  of  the  fallout  of  a  6-year-old  class-action  lawsuit  over  mismanagement  of 
American  Indian  trust  funds.The  suit  was  brought  by  American  Indians  against  the 
Department  of  the  Interior  (DOI),  which  oversees  the  Bureau  of  Indian  Affairs  (BIA), 
MMS  and  six  other  bureaus  (see  timeline, below). 

The  case  found  that  $10  billion  in  American  Indian  trust  money  was  unaccounted 
for,  mostly  because  of  poor  record-keeping  and  computer  systems. 

On  Dec.  5, 2001,  a  court  order  forced  the  DOI  to  unplug  from  the  Internet  all  sys¬ 
tems  that  house  Indian  trust  data,  pending  an  evaluation  of  BIAs  computer  security 
which  had  been  repeatedly  criticized  in  government  reports  and  was  easily  hacked 
during  an  independent  audit. 

Six  months  earlier,  then-BIA  CIO  Dom  Nessi  publicly  admitted  that  his  department  had 
no  real  security  no  firewalls  and  potentially  could  be  hacked  by  a  high  school  student. 

Not  knowing  exactly  which  systems  housed  American  Indian  trust  data  or  had  ac¬ 
cess  to  that  data,  DOI  disconnected  from  the  Internet  BIA  and  seven  other  bureaus,  in¬ 
cluding  MMS,  the  National  Park  Service  and  the  Fish  and  Wildlife  Service. 

The  fallout  would  bring  home  important  lessons  to  all  the  DOI  bureaus:  Lack  of 
security  did  have  devastating  consequences  and  the  Internet  had  become  entrenched 
in  government  operations. 

The  fallout 

“We  can’t  do  business  anymore  without  the  Internet,” says  Dave  Barna,  public  affairs 
officer  with  the  National  Parks  Service.“It’s  so  important;  we  can’t  do  our  jobs  without  it.” 

Once  disconnected,  MMS  and  every  other  DOI  bureau  entered  a  time  warp  that  trans¬ 
ported  71,000  employees  and  a  Web-sawy  public  to  pre-Internet  days.  Each  bureau 


Path  to  a  shutdown 


1987 

Federal  law  makes  the 
U.S.  Government 
responsible  for 
collecting  fees  from 
anyone  who  uses  tribal 
land,  with  the  fees  to 
be  held  in  a  trust  fund. 


December 
1999 

Federal  Judge 
Royce  Lamberth 
rules  the  gov¬ 
ernment  has 
breached  its  trust  fund 
responsibilities  to  American 
lndians.The  government's 
appeal  fails  in  February  2001. 
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Dec.  5, 2001 

Lamberth  issues  temporary  restraining  order  requiring  DOI 
to  disconnect  from  the  Internet  all  systems  that  contain 
Indian  trust  data  until  security  safeguards  are  installed. 
DOI  disconnects  its  eight  bureaus  pending  data  audit  of  all 
servers  and  PCs. - 


August  2001  - 

Department  of  the 
Interior/BIA  Internet 
infrastructure  hacked  as 
part  of  audit  by  Predictive 
Systems  to  document  lax 
security. 
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November  2001 

Class-action  suit  filed  by  Elouise 
Cobell,  a  member  of  the  Blackfeet 
tribe,  against  Bureau  of  Indian 
Affairs  over  mismanagement  of 
trust  fund.  Suit  seeks  account¬ 
ability  for  $10  billion  in  lost  funds 
and  to  force  permanent  reform  of 
the  system. 


Gale  Norton  and  Assistant  Sec¬ 
retary  for  Indian  Affairs  Neal 
McCaleb  to  stand  trial  for 
contempt,  citing  their  inability  to 
clean  up  the  trust  fund  problem. 
Case  ends  in  April  2002,  but 
decision  is  pending. 


Gale  Norton, 
Interior  Secretary 


Feb.  11, 2002 

National  Park 
Service  gets 
preliminary 
approval  to 
go  back  online. 


Dec.  23, 2001 

Court  clears  DOI 
request  to  reconnect 
Law  Enforcement 
computer  system  as 
matter  of  public 
safety. 


April  26, 2002 

BIA  gets  permission  to 
deploy  100  stand-alone 
PCs  with  Internet  access 
to  support  the  bureau’s 
fire  program. 


May  8, 2002 

Office  of  the 
Secretary  of  the 
Interior  gets  pre¬ 
liminary  approval 
to  go  back 
online. 


Dec.  8, 2001 

Lamberth  approves 
U.S.  Geological  Survey 
reconnection  to  the 
Internet,  including  its 
Wildland  Fire  Manage¬ 
ment  Web  site,  as 
matter  of  public 
safety. 


Jan.  22, 2002 

Office  of 
Surface  Mining 
gets  prelim¬ 
inary  approval 
to  go  back 
online. 


March  20, 2002 

•  Minerals  Manage¬ 
ment  Service  gets 
preliminary  approval 
to  go  back  on-line. 
•U.S.  Fish  and  Wild¬ 
life  gets  preliminary 
approval  to  go 
online. 
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became  an  island,  unable  to  share  data  electronically  with  other 
bureaus  or  the  public.  Employees’ electronic  time  cards  could  not 
be  filed  because  the  DOI’s  National  Business  Center  (NBC),  which 
processes  approximately  $9  billion  in  payroll  each  year,  also  was  dis¬ 
connected. 

“We  decided  to  install  a  dedicated  private  line  to  NBC  to  restore 
our  connection,”  says  Shane  Compton,  deputy  CIO  of  information 
resource  management  for  the  Fish  and  Wildlife  Service. 

The  fax  machine  and  telephone  became  the  Band-Aids  of  choice 
to  resume  communication,  which  was  now  laborious.  Bureaus  had 
e-mail  internally,  but  were  cut  off  from  the  outside  world.  Some 
bureaus  had  access  to  their  intranets,  others  did  not. The  public 
could  no  longer  use  Web-based  DOI  services,  such  as  the  National 
Park  Service’s  site  for  reserving  campsites  in  its  385  parks. 

The  ironic  twist  was  that  some  American  Indians,  who  for  years 
had  questioned  the  integrity  of  a  system  to  collect  money  on  their 
behalf, saw  their  payments  lapse  or  severely  delayed  until  some 
order  was  restored. 

“We  are  still  scratching  our  heads  over  why  it  got  so  screwed  up,” 
says  Ray  Bjorklund,  vice  president  of  consulting  for  Federal  Sources,  a 
market  research  firm  covering  the  federal  IT  market. 

Observers  also  are  scratching  their  heads  over  how  DOI,  which 
has  received  $2.3  billion  in  IT  budget  money  since  1999  and  has  an 
IT  staff  of  2,272,  could  not  muster  the  resources  to  correct  no-brainer 
security  holes  at  BlA.such  as  lack  of  firewalls  or  blank  administrative 
passwords. 

Alan  Balaran,  appointed  by  the  court  as  special  master  to  over¬ 
see  the  DOI  shutdown,  said  in  status  reports  to  the  court  that  the 
problems  simply  had  been  “institutionally  ignored”  and  that  DOI  had 
a  “disgraceful  legacy”  of  protecting  American  Indian  trust  data. 

Trying  to  cope 

In  the  aftermath,  the  court  quickly  allowed  some  systems  and 
bureaus, such  as  the  U.S.  Geological  Survey  (USGS),  which  provides 
earthquake  and  natural  disaster  data,  back  online,  citing  national 
safety  concerns.  Ditto  for  law  enforcement  systems  used  by  DOI, 
which  has  jurisdiction  over  22%  of  the  nation’s  landmass,and  the 
Wildland  Fire  Management  System. 

But  most  bureaus  were  disconnected  for  three  to  four  months, 
and  are  still  calculating  the  financial  impact. 

B1A  is  still  offline  (as  of  July  2). The  Secretary  of  the  Interior’s  office 
was  offline  until  early  May  In  the  interim, staffers  went  to  other  bureau 
offices  in  DOl’s  Washington,  D.C.,  headquarters  to  send  or  receive 
e-mail. 

To  get  back  online,  IT  executives  at  each  bureau  had  to  certify 
that  servers  and  PCs  did  not  house  or  have  access  to  Indian  trust 
data.  _ 

The  USGS  certified  2,200  servers. 

“In  the  first  few  days  we  did  certifications  on  over  1,000  servers,” says  Anne  Frondorf, 
deputy  geographic  information  officer. “The  people  in  the  field  offices  were  working 
into  the  wee  hours  of  the  morning.” 

Without  the  benefit  of  the  Internet,  USGS  creat- 

—  ...  ed  a  form  and  faxed  it  to  each  office. 

- — .  IT  administrators  documented  the 

servers  and  their  data  then  faxed  back 
the  forms.The  box  of  documents  was  car¬ 
ried  to  the  court. 

The  effort  taught  Frondorf  a  few  things. 
“We  have  a  lot  of  servers  out  there. We  are 
now  trying  to  maintain  a  more  comprehen¬ 
sive  database  of  those  resources.” 

At  the  Bureau  of  Reclamation,  the  coun¬ 
try’s  largest  wholesaler  of  water,  Kathy 
Gordon,  CIO,  says  the  organization  created 
forms  to  record  water  data,  printed  them 
out  and  faxed  them. The  information  is  criti¬ 
cal  to  dam  operators  who  expect  the  real¬ 
time  data  to  regulate  water  flow  and  avoid 
floods. 

The  National  Park  Service  Web  site,  which 
gets  a  million  hits  per  day,  went  dark  to  the 
public  as  it  tried  to  certify  its  1,327  servers. 


INTEGRATION 


Government  portal  effort  is 
a  lesson  in  data  integration 

What  do  the  river  rapids  of  Colorado’s  Gunnison  Gorge,  hiking  trails  in  West 
Virginia’s  Monongahela  National  Forest  and  wildlife  viewing  areas  in  Arizona’s 
Coronado  National  Memorial  have  in  common? 

Information  about  all  those  recreational  facilities  is  being  pulled  into  a  portal  Web 
site  called  Recreation  OneStop  under  development  by  the  federal  government  as  part 
of  a  plan  by  President  Bush  to  create  efficiencies  in  government  and  make  it  more 
accessible  by  the  public. 

While  it  sounds  good  on  paper,  behind  the  scenes  the  technical  difficulties  of 
pulling  data  together  from  so  many  diverse  sources  are  proving  to  be  a  challenge. 

“The  challenge  is  integrating  the  resources,  people  and  IT  systems  that  the  various 
agencies  already  have  in  place  so  it  appears  seamless  to  the  fisherman  who  wants  to 
find  that  perfect  spot,”  says  Scott  Cameron,  deputy  assistant  secretary  for  performance 
and  management  at  the  Department  of  the  Interior  (DOI),  which  is  leading  the 
Recreation  OneStop  initiative. 

Cameron  has  a  yearly  budget  of  $1.5  million  to  meet  the  challenge. 

Recreation  OneStop’s  mission  is  to  create  a  database  of  recreational  information, 
maps  and  reservation  services  for  parks,  museums,  forests,  lakes,  historic  sites  and  ur¬ 
ban  parks  run  by  federal, state  and  local  governments.The  effort  builds  on  the  4-year- 
old  Recreation.Gov  Web  site,  a  directory  of  about  2,200  federal  recreational  facilities. 

“How  do  you  build  data  standards  is  our  big  question,” says  John  Mahoney,  project 
manager  for  Recreation  OneStop,  which  combines  the  work  of  10  federal  agencies 
and  soon  will  include  state  and  local  governments. 

“XML  is  a  godsend  for  keeping  data  structured,”  says  Keith  Stewart,  Web  applica¬ 
tion  developer  for  Recreation. Gov.“We  used  XML  to  import  data  from  their  database 
to  our  database.” 

Stewart  also  is  creating  a  template  that  includes  nearly  40  data  fields  needed  for 
Recreation.Gov  listings, such  as  addresses,  phone  numbers  and  available  activities. 

These  first  steps  should  be  rather  simple,  Stewart  says.  But  the  next  ones  get  more 
difficult  as  maps  are  incorporated  and  Recreation.Gov  starts  to  transform  into 
Recreation  OneStop. 

“There  is  a  big  issue  around  how  do  we  take  on  Geographic  Information  Systems 
and  geospatial  information.  It  is  very  data  intensive,”  Stewart  says.  Plans  to  solve  the 
issue  are  still  in  the  works,  he  says. 

—  John  Fontana 
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CONFIDENTIAL 

Federal  agencies  have 
spent  the  past  two 
years  considering  how 
to  move  6,600  types  of 
paper-based  transac¬ 
tions  online,  but  only 
hundreds  are  online 
today,  according  to  the 
Office  of  Management 
and  Budget 


“People  looking  for  seasonal  jobs  couldn’t  get  to  our  systems.  We  fell  behind  on 
hiring,”  NPS’  Barna  says.“We  contract  yearly  for  $120  million  worth  of  work  in  parks.  We 
pay  those  contracts  electronically,  now  we  had  to  do  it  manually  It  cost  us  overtime." 

But  it  was  MMS  that  truly  suffered  and,  in  turn, so  did  American  Indians. 

With  no  accounting  system,  MMS  had  no  way  to  track  the  70,000  leases  or  audit 
200,000  transactions  per  month  it  makes  for  state  governments,  20,000  American 
Indian  land  owners  and  41  tribes  that  own  the  land  where  natural  resources  are 
mined.  Money  flowed  in  and  out  unchecked.  MMS  sent  out  $202  million  in  four 
months  to  benefactors  based  on  historical  averages  to  avoid  having  to  pay  interest 
fees  on  late  payments. 

A  four-month  backlog  is  now  being  processed,  which  will  be  followed  by  an  audit 
of  payments  made  since  the  shutdown. 

Part  of  the  money  was  handed  over  to  B1A,  but  MMS  could  not  include  an  accurate 
accounting  of  which  people  or  tribes  were  entitled  to  what  portion  of  the  money 

“There  were  some  workaround  solutions,  and  trust  payments  were  being  pro¬ 
cessed  manually" says  Geoffrey  Rempel.an  assistant  to  Dennis  Gingold,  attorney  for 
the  plaintiffs  in  the  case. 

In  all,  the  government  and  public  learned  that  the  Internet  has  become  an  insepa¬ 
rable  part  of  its  operations. 

“In  700  field  offices,  hours  were  spent  at  the  fax  machine," says  Mitch  Snow,  public 
affairs  officer  for  Fish  and  Wildlife.“You  lose  site  of  just  how  important  your  Internet- 
based  systems  are." 

And  the  shutdown  confirmed  what  the  government’s  General  Accounting  Office 
said  in  a  Nov.  9, 2001  report  to  a  congressional  subcommittee: “We  have  reported  that 
poor  information  security  is  a  widespread  federal  problem  with  potentially  devastated 

consequences.”* 
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Wondering  How  To  Get  More 
Out  Of  Your  Data  Center? 


Try  SharkRacks™.  Our  rack-mount  units  will 
safely  house  virtually  any  19”  EIA  standard  unit. 
Have  Suns?  No  problem.  What  about  Cisco  gear, 
or  Compaq,  or  HP  servers?  Sure.  We  can  rack 
that.  With  SharkRack  you  get  a  great  looking 
cabinet.  Our  space  savings  and  cabling  features 
will  organize  your  systems.  Most  importantly,  with 
our  NetBotz  unit  watching  over  your  systems, 
you’ll  always  know  what’s  going  on.  Call  us  today 
or  log  on  for  more  details  to  see  how  we  can  help 
you  save  space,  keep  cool,  and  look  good. 


V  SHARK  877-427-5722 
m rACK  www.sharkrack.com 


SharkRack™ 
Systems  are  the 
leading  racking 
solution  for  multi¬ 
vendor  configura¬ 
tions.  We  rack 
Sun™,  Cisco™, 
Compaq™,  HP™ 
and  almost  any 
19”  EIA  standard 
unit.  Our  current 
Sun™  rack-mount 
kits  include: 


•  SunFire™  3800- 
4800  series 
servers 

•  E3500,  E4500 

•  A5000 

•  T-3 

•  Many  more, 
see  web  site 
for  details 


The  SharkRack  LCD  monitor  and 
keyboard  has  TFT  quality  video 
imaging  on  a  sliding  tray  that  is 
only  1.75”  high. 


The  NetBotz™  RackBotz  unit 
installs  in  a  cabinet  and  monitors 
internal  conditions.  If  a  problem 
occurs,  it  will  send  out  an  alert  by 
email,  pager,  or  other  device. 


Need  A  Reliable  Rack  Modem? 

m  Convenient  Dial-Up  Access  to  Your  Equipment  Bays  m 


Fault  Tolerant  Modem  (FTM) 


•  Remotely  Configurable 

•  AC  and  -48V  DC  Power  Options 

•  Internal  Filtered  and  Surge  Protected  Power  Supply 

•  Powers  Up  to  Specified  Answer  Rings  and  Baud  Rate 

•  Standard  “AT”  33.6  Kbps  Modem 


Deluxe 


Password/Dial  Back  Modem  (SRM) 


Local  RS232  Console  Port  33.6  Kbps  Modem 


•  Up  to  100  Individual  Passwords 

•  Audit  Trail  Log  with  Time/Date  Stamp 

•  Remotely  Configurable 

•  Standard  “AT”  33.6  Kbps  Modem 

•  19”  or  23”  Rack  Options  nebs  Approved 
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western  telematic  incorporated  Keeping  the  Net. ..Working! 
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The  Hub  of  the  Network  Buy 


OBSERVER 


How  Secure  Is  Your  Wireless  Network?  Find  Out  With  Observer • 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


Observer:  Network  monitor  and 
protocol  analyzer  for  Ethernet 
(1 0/1 00/gigabit),  Token  Ring  (4/16/100), 
FDDI,  and  Wireless  802.1 1 .  The  ability 
to  use  Observer  on  BOTH  wired  and 
wireless  networks  makes  it  the  most 
cost-effective  tool  available. 


Observer:  Comprehensive,  versatile 
wired  and  wireless  protocol  analyzer, 
supporting  capture/decode,  statistics, 
trending,  and  expert  analysis.  Observer 
takes  wireless  analysis  to  a  new  level  by 
including  functions  such  as  Wireless 
Network  Vital  signs,  and  Wireless  Access 
Point  Statistics,  eliminating  the  need  to 
purchase  different  tools  for  different 
network  types. 


Observer The  first  and  only  analyzer 
for  Wireless  802. 1  la,  802. 1 1b  and 
wired  networks — together  in  one 
solution — at  a  price  that  won’t  break 
the  bank. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 


To 


* 


V9  Sentry  power  tower 


Your  Zero  U  Reboot  Solution 
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>6  remote!/  addressob  u  yowjr  outlets  — 
The  hifhest  density  avautbk  of  eny 
Remote  Power  Management  vedical  strip 
30-amp  power  input  feed  olstrlbu 
across  16  outlets. 

Mounts  vertically  In  your  equipment  rack  or 
cabinet  and  requires  Zero  U  of  rack  space. 
Load  Sense  provides  real-time  current 
monitoring  In  the  remote  screen  Interface 
and  through  a  built-in  LED  display  for  on- 
sile  measurement. 

_ _ _.-7  Power  up  sequencing  of  all  16  outlets 

prevents  an  In-rush  current  overload. 
Temet.  SNMP.  Modem  or  RS-231  Interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
internetworking  equipment. 


Install  the  new  Sentry  Power  Tower  In 
your  data  center,  NOC  or  co-lo  facility 
and  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

;  Try  the  New  Sentry  Power  Tower  in  your 
rack  or  cabinet  and  realize  the  benefits 
i„  ~  of  Intelligent  Power  Distribution  and 

►  Remote  Power  Management 

See  our  complete  product  line  at  wwrwgenrertech.com 
or  call  800R3S.1S15  or  775J84.2000 
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Another  great  product  from 

Server  Technology, 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


Power  Ethernet 
Control  Port 
Interface 


Internal  Voice, 
Modem 
&  Pager  Port 


8  RJ-45  Sensor  Inputs 

(Temperature,  Humidity. 
Water,  Motion,  Power, 
Smoke/fire) 


Microphone 

lor  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


' 

Phonetics,  Inc. 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

FROM  ANYWHERE 


Rose  Electronics 

10707  Stancliff  Rd. 
Houston,  Texas  77099 

281-933-7673 


CONTROL  IT 
SECURE  IT 


MamCElT 


o ermi 


M1" 


TCP/IP 


800-333-9343 


WWW.ROSE.COM 
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The  UltraLink  is  the  Rose  Electronics  answer  to 
Modem  and  Ethernet  remote  access! 

Server  access  over  IP  technology  allows  you  to 
access,  control  and  provide  computer 
maintenance  from  anywhere  in  the  world.  When 
combined  with  Rose  KVM  switch  technology, 
server  management  administrators  can  have 
faster  access  saving  time  and  money. 

With  dial-in,  dial-back  security  and  high- 
resolution  quad  screen  and  SSL  encryption,  the 
UltraLink  raises  the  KVM  industry  bar  in  remote 
server  access. 

A  KVM  industry  pioneer,  Rose  Electronics  is 
recognized  for  superior  KVM  switch  technology. 
Product  integrity,  simplicity,  and  reliability  are 
the  hallmarks  of  all  Rose  products. 

Call  Rose  to  learn  more  about  remote  server 
management  today. 


USA  .  CANADA  .  ENGLAND  .  FRANCE  .  GERMANY  .  BENELUX  .  AUSTRALIA  .  SINGAPORE 


ELECTRONICS 


Voice  Quality  Assessment 


Providing  clear,  uninterrupted  voice  is  critical,  irrespective  of  what  type  of 
network  is  carrying  the  voice.  GL's  Voice  Quality  Testing  (VQT)  Software, 
accessed  through  an  easy  to  use  GUI  interface,  provides  the  voice  quality 
measurement  and  analysis  tools  necessary  for  today's  voice  networks. 
Typical  network  applications  include  VoIP,  PSTN,  ATM,  Frame  Relay, 
and  Wireless  Networks. 

•  Use  the  Most  Widely  Accepted  Algorithms  for  Voice  Quality 
Testing  -  PAMS  (P.800),  PSQM  (P.861),  &  PESQ  (P.862) 

•  Manual  or  Automatic  GUI  Operation 

•  Assess  the  Effects  of  Noise,  Delay,  and  Echo  in  Networks 

•  Measure  the  Effects  of  Packet  Jitter  in  VoIP  Networks 

•  Analyze  the  Effects  of  Codec  Compression  in  Wireless  Networks 

Visit  our  website  to  learn  more  about  GL's  T1/E1/T3  Analysis.  Digital  CO 
Simulation,  and  Analog  &  Wireless  Voice  Quality  Testing  Solutions. 


Phone:  301-670-4784  •  Fax:  301-670-9187 
E-Mail:  info@gl.com  •  Web:  www.gl.com/vqt 


Dial  Access  Solutions 


PCI  Multi-modemAdapt 


Provide  4  or  8  V.90/V.34  data  and  fax  modems 
in  one  easily-installed  easily-configured  adapter 


a* 


4  and  8-port  adapters  v> 

Scalable  to  32  ports  per  server 
Lowest  CPU  utilization 
Installs  in  minutes 
Requires  no  interrupts 

Compare  for  yourself 

Dial  Access  at  its  best! 

Equinox  Multi-modem  Adapters  ....  v  _ v. 

provide  up  to  44%  savings  over  the  •  ^ax  server  .... 

leading  competitors  of  similar  products.  Oj^.l  access 

mm  m  m  _  .  !  Data  collection  " 

Tty  before  yOU  bliy.  Modem  pooling 

Call  1-800-275-3500,  ext.  61 5  Internet  access 

for  a  FREE  30-day  evaluation!  _ _ _  _ 

or  email:  sales@equinox.com 

For  more  infomation  on  Equinox  products  visit  our  website  at-  www.equinoxicdrrt  ^  ;.:- 
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The  Hub  of  the  Network  Buy 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


OBSERVER 


i  it* 

Observer 

s995 


Expert 
Observer 
$ 2895 


Observer 
Suite 
$ 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  444  (0)  1959  569880  •  Fax  444  (0)  1959  569881 


INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  "N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 


1 7 ”  TFT  WRACK  MOUNT  DISPLAYS 


* 

4 


With  Keyboard  and  Trackball 


.4  ^ 


With  Keyboard  and  Touchpad 


1-800-729-7654 

Web:  www.recortec.com 
Email:  sales@recortec.com 


17”  Display  Only 


IIMC. 

1 620  Berryessa  Road  San  Jose,  Ca  951 33 
Tel-  (408)  928-1480  Fax:  (408)  729-3661 


-  Adjustable  length  ball 

bearing  slides. 

-  Also  in  black  and  with 
locking  front  panels. 

Made  in  the  USA. 


Seeking  Solutions  ...NTI  Has  The  Answers! 


BREAKTHROUGH 
USB  KVM  SWITCH 

Control  up  to  32  USB  PC,  MAC 
and  SUN  computers. 


“I  want  to  boot  all  of  my  USB 
computers  up  in  one  operation.” 


NOW  SUPPORTS  USB 
KEYBOARDS  AND  MICE! 


KEEMUX-USBV-8UO 

ICCSSr  USB  SWITCH 


•Flawlessly  controls  SUN  USB 
Computers  -  Tested  &  Verified  by  SUN! 

•  Compatible  with: 

-  SUN  Blade  100,  1000, 

-  SUN  Ray  &  SUN  Fire*  280R 

-  USB-enabled  PCs 

-  MAC  G3/G4S 

-  HP  J5000  and  other  USB-enabled 
UNIX  computers 

•  Features  NTI’s  patented  true 
autoboot  USB  switching  -  boots  all 
attached  computers  in  one 
operation.  (Other  USB  KVM  switches 
require  individual,  sequential  boot-up.) 

•Fully  compliant  with  USB  standards. 

•Crisp  &  clear  1900x1200  resolution. 


FREE  CATALOG! 

CAU  800-742-8324 


NT! 

1275  Danner  Drive  •  Aurora  OH  44202 
330-562-7070  •  FAX:  330-562-1999 


KEEMUX  KVM  SOLUTIONS 


BUY  ONLINE  at  www.ntil.com/sn 
Email:  sales@nti1.com 
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The  Hub  of  the  Network  Buy 


ViGO. 

Business  Quality  Videoconferencing 
for  less  than  $700. 

For  more  information  about  Falcon,  call  1-800-418-5328. 


VCON  www.vcon.com 

VISUAL  COMMUNICATIONS 


Cisco 

Routers 


Switches 

Hubs 

Voice  Over  IP 

Memory 

Security 

Interface  Modules 
Port  Adapters 
Wireless 


World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster.  It  provides  at-a-gtance 
information  on  model  capacities,  interface  cards 
and  available  features. 

The  Cisco  Poster  is  a 
valuable  tool  for 
network  planning. 

Call  877.231.2451  or 
visit  www.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 
www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 


Instantly  Search  Gigabytes  of  Text 


dtSearch* 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


"Superb  ...  a  multitude  of  high-end  features"  —  PC  Magazine 

"A  powerful  text  mining  engine  ...  effective  because  of 
the  level  of  intelligence  it  displays"  —  PC  A! 

"Very  powerful  ...  a  staggering  number  of  ways 
to  search"  —  Windows  Magazine 

"Impressive"  —  PC  Magazine  Online 

"A  tremendously  powerful  and  capable 
text  search  engine" —  Visual  Developer 

"Intuitive  and  austere  ...  a 
superb  search  tool"  —  PC  World 


ws 

dtSearch], 


Fast,  precision  searching 

♦  over  two  dozen  text  search 
options 

♦  indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide  reach 

♦  highlights  hits  in  HTML  and  PDF 
while  keeping  embedded  links 
and  images  intact 

♦  converts  other  file  types  —  word 
processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc.  — 
to  HTML  for  display  with 
highlighted  hits 

1-800-IT-FINDS 
www.  dtsearch.  com 

sales@dtsearch.com 


Desktop 

Find  anything, 
anywhere, 
instantly  ♦5/99 


Spider 


Spider  and  search 
Web  sites  ♦  induded 
with  all  products 


Search  the  many 
forms  of  data  that 
exist  across  a  large 
enterprise  network 

♦  from  5 800 


Publish  a  searchable 
database  to  CD,  DVD 

♦  from  52,500 


Text  Retrieval 
Engine 

Add  power 
searching  to 
a  product 

♦  extensive 
sample  source 
code  in  multiple 
programming 
languages 

♦  from  5999 


Web 


Add  instant 
searching  to  your 
site  ♦  5999  per  server 


Stop  by  www.dtsearch.com 
for  30-day  evaluation  versions 


Contact  these  companies  today  to  help  you  with  your  training  needs! 


Learnkey  Inc.  ^ 

(800)  865-0165 
www.learnkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


Boson  Training  ^ 

(813)  925-0700 
www.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  C1SSP 


PMG  NetAnalyst 

(800)  645-8486 
www.NetworkTraining.com 
Network  Forensic  Analysis  and 
Security  Training  and  Services 


NETg 

(800)  828-2050 
www.wavetech.com 
IT  Certification  Boot  Camps  with 
Guaranteed  Success 


George  Washington  (Jniv 

(202)  973-1175 
www.cpd.gwu.com 
Oracle  DBA  Cisco  CCNA  Java 
wireless  networks 


Infinity  I/O 

(800)  990-0955 
www.infinityio.com 
Fibre  Channel  &  SAN  Training 
&  Certification 


iu  J-j'jf  ihikij  'A'si 
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NetWOrkWorM  NetSmart  Learning  Partner 
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it's  a 

HO  brainer! 


Extreme  Networks  ■  Nortel  Networks 


Lucent  Technology 
Alcatel 

Riverstone  Networks 


^  «  Juniper  Networks  ■  Foundry  Networks 

X>  www.digitalwarehouse.com 

•  mwal  wamhousi 

Your  Information  Superhighway  Discount  Source » 


Phone:  800-439-8558  or  718-894-7500 

56-29  56th  Drive,  Maspeth,  NY  1 1 378  USA  Fax:  718-894-15. 


Extend  the  life  of  your 

Networking 

Your  Alternative  to  factory  New  products 


■  A-1  Quality  Pre-Owned  Tested  Equipment 

•  50-85%  Savings  oft  List  Prices 

•  120-Day  Limited  Warranty 

•  100%  30  Day-Money  Back  Guarantee 

•  Large  Inventory,  Same  day  Shipping 
-  Extended  Warranties  Available 

Professional  Quality  Packaging 

Request  a  Quote  on-line  at: 

www.bizint.com 
e-mail:  info@bizint.com 


Your  global  alternative 
to  factory  new  products 


(877)  438-2494 

or  (315)  458-9606  We  Buy,  Sell,  Trade  and  Lease... 


CISCO.  EXTREME.  JUNIPER.  BAY/NORTEL.  3COM.  FOUNDRY,  CABLETRON 


SURPLUS  TO  ONGOING 
OPERATIONS,  ON  BEHALF  OF 


ricnchet 

high-speed  wire  free  internet 


10:00AM,  THURSDAY,  JULY  11  •  TULSA,  OK 

Auction  Site:  Radisson  Inn  Tulsa  Airport,  2201  N  77th  E.  Ave., Tulsa, Ok 

INSPECTION  SITE:  1827  N.  75th  East  Ave.,  Tulsa,  •  Wed,  July  10,  9-  5pm  &  Morning  of  sale. 

Bid  Live  On-Site  Or  Bid  Via  Your  PC! 


$30  MILLION  ORIGINAL  COST  OF  EQUIPMENT! 


TEST  &  MEASUREMENT:  S00  Pieces  of  Quality  Test  and  Measurement  from  HP,  Tektronix, 
Agilent,  Fluke,  including  (40+)  HP  8594E  and  Tektronix  2712  Spectrum  Analyzers  (20+)  Tektronix 
Oscilloscopes,  (25+)  HP  34970A  Data  Acquisition  Units,  Rohde+Schwatz  and  HP  Signal  Generators, 
HP  Modulation  Analyzers,  (50+)  HP  S3I32A  Universal  Counters,  (100+)  HP,  Lamdba,  Agilent  and 
Topward  DC  Power  Supplies  and  more  •  WAP  CABINETS  AND  COMPONENTS:  Single, 
Small  and  Double  WAP  Cabinets  and  Components  including:  (12,000+)  Directional  Antennas: 
Decibel  (MDL  DB977H70N-S),  Hirschmann  (MDL  927965-930  &  960),  Sinclair  (MDL  SRL44 1 P); 
(650+)  Power  Conversion  Units,  Marconi;  (950+)  WAP  Cabinets,  Marconi/Chatham;  (900+)  WCS 
Amplifiers.  Spectrian  •  PC’S,  MONITORS  AND  PRINTERS:  (200+)  IBM  PC’s  from 
400mhz-600mhz,  (300+)  ViewSonic,  IBM,  NEC  17"  Monitors,  many  new  inbox,  IBM  Thinkpads,  Apple 
Powerbooks,  Laser  Scanner,  HP  LaserJet's,  Office  Jets,  and  Color  Jet  Printers,  and  more. 
SERVERS  AND  NETWORKING:  IBM  Netfinity  Servers,  Cisco,  Bay  Networks,  and  Netgear, 
(200+)  APC  3000,  1400,  1000  Smart  UPS.  HP  Port  Replicators  and  so  much  more. 

Sff  OUR  WEBSITE  FOR  MORE  INFORMATION,  PHOTOS  i  EQUIPMENT  LIST: 


www.CowanAlexander.com 


I  Cowan/ 


888-875-SOLD 


OFFICES:  10S  ANGELES  •  PORTLAND 
•  AUSTIN  •  SAN  FRANCISCO 


The  Hub  of  the  Network  Buy 


WRCA.NET 
NEW  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 

800-699-9722 


training 
S  Memory 
products 
i  Ethernet 
Cards 

i  Netware 
products 
'i  Modems 
S  Testing 
equipment 
Multiplexers 
'i  File  Servers 
d  vdt. 
d  wJt. 
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Advertise  in  the 
Marketplace  and  watch 
your  sales  come 
pouring  in! 


Call  Direct  Response 
Advertising 
1-800-622-1108 


N^RTELnetworks 
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|  HU  E559S8Q  #  BayNetworks 


BROWSING  THE  AUCTIONS? 
Consider  What  You  Get 

National  LAN  Exchange  Auctions 


■  Nortel  Service  Contracts 

•  Nortel  Service  Renewals 

•  Next-Day  Hardware 
Replacement 

•  Free  Technical  Support 

■  One  Year  Warranties 

■  New  and  Used  Equipment 

•  Hundreds  of  Pieces 
in  Stock 

■  Design/lnstall  Services 


■  No  Service  Contracts 

•  No  Service  Renewals 

■  No  Replacements, 

No  Guarantees 

■  No  Support 

■  No  Warranties 

•  Who  Knows? 

•  Sometimes  Available, 
Sometimes  Not 

•  No  Services 


•  Fast  Overnight  Delivery  •  Inconsistent  Delivery 

Make  the  Smart  Choice 


www.NLE.com 
New/Used  •  Buy/Sell 
National  LAN  Exchange 


888-8LANWAN 

(888-852-6926) 


For  More  Information 
on  advertising  In 

A/etwo rfr  Worthy  MarfcetMace 
contact;  £nfcu  Gofcale^ 
800-t>ll-1l08  ext. 
e,?o  fcaIeSnww.com 

_ 
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See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  gtxxls.  Gifts 
Pens.  Clocks.  Lighters.  Games 

www.suitcase.com 


We 

Buy 


& 


Since  1985 


Sell 


CISCO 


New  &  Used 

Fully  Guaranteed 

Overnight  Delivery  wi 

■ 

■  ■ 

S#  hat>ia  Esparto)  MM  1® 

ipttchfft  Otuttch  mu 

800.451 

ftO  Castilian  Drive,  Suit*  HO. 

1.3407 

Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 

www.nctworkhardwar6.com 

BUY  ONLINE 

■71 
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IT  CAREERS 
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Project  Managers  to  manage/ 
lead  technical  teams  to  perform 
application  analysis,  design, 
development  utilizing  compo¬ 
nent  based  application  develop¬ 
ment  of  OLTP  systems  in 
client/server,  data  warehouse/ 
data  mart,  logical/physical  data/ 
process  and  object  modeling 
using  UML,  GoF  Design  Patterns, 
Oracle  RDBMS,  EJB,  XML/XSL. 
C/JAVA,  HTML,  COBOL  on  Win¬ 
dows  and  UNIX  OS;  write  soft¬ 
ware  requirements  &  design 
specifications;  develop  project 
budgets,  time  and  cost  estima¬ 
tion,  etc;  motivate,  tutor  team 
members  and  evaluate  perfor¬ 
mance.  Require:  MS  in  CS/ 
Enggtany  branch)  or  related  field 
with  3  yrs  exp.  A  BS  or  foreign 
equiv  in  CS/Science/Math  or 
Engg  (any  branch)  with  5  yrs  of 
relevant  progressive  exp  will  also 
be  accepted.  Competitive  salary. 
F/T  position.  Some  travel  in¬ 
volved.  Resume  to:  HR,  Bahwan 
Cybertek  Technologies,  Inc., 
209  West  Central  St.,  Suite  312, 
Natick,  MA  01760. 


Thomson  Financial  Inc.  seeks  a 
Database  Administrator  (Boston, 
MA)  to  provide  comprehensive 
DB  admin,  services  to  implement 
Oracle  &  Sybase  DBs  for  Sun 
Solaris/HP-UX  &  NT  OS;  support 
development  for  JDBS  &  SQLJ; 
&  use  WebDB  for  production 
support  &  devel.  Min.  require¬ 
ments:  Master's  degree  or  equiv. 
in  Computer  Sci.,  any  Engineer¬ 
ing  area  or  related  field,  +  5 
years  of  exper.  as  DB  Adminis¬ 
trator  working  in  Oracle  &  Sun 
Solaris  envir.;  exper.  must  ind. 
3  yrs  of  JDBS,  SQLJ  &  WebDB 
(aka  Oracle  Portal)  in  the 
Sybase/HP-UX/NT  envir.  Pis  re¬ 
spond  to:  Nicole  White,  HR, 
Thomson  Financial,  22 Thomson 
Place,  Boston,  MA  02210. 


Programmer  Analyst:  Analyzes 
user  requirements  procedures, 
and  problems  to  automate  pro¬ 
cessing  or  to  improve  existing 
computer  systems.  Bachelor  in 
Computer  Science,  Engineering 
or  math-related  and  2  yrs.  of 
IBM  Mainframes,  MVS,  CICS, 
MF  Revolve, AS/400, RPG/400, 
DB2/400,  CL/400  experience 
required.  $57,450  yr.  Apply  by 
resume  only  to  William  T.  Wiley, 
Sr.,  Vice  President ,  Y.K.K.(U.S.A), 
Inc.  1306  Cobb  Industrial  Drive, 
Marietta,  Georgia  30066. 


Progammer  needed  to  de¬ 
sign,  develop  and  test 
software  primarily  using 
LISP.  Requires  a  Bachelor's 
degree  in  Computer  Science, 
Electrical  Engineering  or 
related  field.  Send  resume 
to  Nancy  Adams,  Elliott  Wave 
International,  200  Main  St., 
Hunt  Tower,  Gainesville,  GA 
30501 


SeeBeyond,  the  leading  global 
provider  of  eBusiness  Integration 
Solutions  has  the  following  job 
opportunities  available: 

•  Software  Engineer 

•  Software  Quality  Assurance 
Engineer 

•  Product  Marketing  Manager 

•  Professional  Service  Engineer 

•  Systems  Implementation 
Engineer 

•  Systems  Administrator/ 
Engineer 

•  Business  Analyst 

•  Director  of  Quality  Assurance 
&  Release  Management 

Bachelors  degree  or  equivalent 
work  experience 
Fax  resume  to:  (626)  408-3381, 
Attn:  GC-BSA.  EOE. 


Database  Administrator,  Newark, 
NJ  -  Requires  Master's  Degree. 
Please  send  resume  to:  Paul 
Besso,  Ciber,  Inc.,  5251  DTC 
Parkway,  Ste.  1400,  Greenwood 
Village,  CO  80111. 


Software  Engineers  to  analyze, 
develop,  maintain  client  server 
web  appls  and  DW  appls  using 
Java.  HTML,  DHTML,  C/C++, 
Javascript,  VBscript,  Servlets, 
JSP,  DW  tools  etc  under 
Windows  and  UNIX  OS;  perform 
DB  monitoring  using  Oracle, 
DBASE,  SQL  Server,  Developer 
2000  and  quality  control,  coding 
and  testing  of  projects;  generate 
batch  reports  from  existing  data 
and  debug  for  better  perfor¬ 
mance.  Requires:  MS  or  foreign 
equiv  in  CS  or  Engg  (any  branch) 
with  1  yr  exp.  Competitive  salary. 
Travel  involved.  F/T  position. 
Resume  to:  Smartsoft  Interna¬ 
tional,  Inc.,  4898  South  Old 
Peachtree  Road,  Suite  200, 
Norcross,  GA  30071 


Director,  University  and  Regional 
IT  Services 

The  University  seeks  the  senior 
manager  for  a  state-of-the-art 
centralized  computing  and  net¬ 
working  services  center.  The 
data  center  is  a  multipurpose  fa¬ 
cility  that  operates  24/7/365  in¬ 
terfacing  with  and  serving  all 
academic,  administrative  and 
business  units  in  a  large  re¬ 
search  extensive  university  as 
well  as  a  number  of  other  re¬ 
gional  and  statewide  programs 
and  clients. 

For  more  information  and  appli¬ 
cation  procedures,  please  visit 
www.it.ufl.edu.  Formal  review  of 
applications  will  begin  on  Sep¬ 
tember  15,  2002  and  will  contin¬ 
ue  until  the  position  is  filled. 
Salary  negotiable.  If  an  accom¬ 
modation  due  to  a  disability  is 
needed  in  order  to  apply  for  this 
position,  please  call  (352)  392- 
4621  or  TDD  (800)  955-8771 . 
AA/EA/EEO 


Information  Technology  Manag¬ 
er,  Insurance  Claims  Admin.  Min. 
Bachelor's  in  Engineering/related 
field  or  equiv.,  MBA.  Oversee  all 
IT  operations,  using  knowledge 
of  SQL,  Pyramid,  Seagate  Crystal 
Report,  VPN,  Firewall.  Manage 
databases,  streamline  operations, 
review  data  and  prepare  man¬ 
agement  reports  to  maximize 
business  operations.  40  hrs/wk. 
9AM-6PM.  Competitive  salary. 
Send  resume  to:  Fleming  &  Hall 
Administrators,  ATTN:  HR,  PO 
Box  767668,  Roswell,  GA 
30076. 


Sr.  Software  Dvlpr  wanted  by 
Healthcare  Mktg  Communications 
Co  in  Manh.  Design  &  dvlp 
software;  generate  software  & 
web-based  designs;  write  flow¬ 
charts  &  program  descriptions. 
BS  in  Comp  Sci  or  Systs  Engr 
&  2yrs  exp  in  job  offered  req. 
Respond  to:  SS/HR  Dept,  PO 
BOX4241,  GCS,  NY  10163. 


JOB  OPPORTUNITY: 

Computer  Programmer 
Job  location:  San  Jose,  CA.  Duties: 
Convert  data  from  project  spec’s 
&  statements  of  problems  & 
procedures  to  detailed,  logical 
flowcharts  for  coding  into  com¬ 
puter  language.  Create  &  modify 
C/C++,  K-Script,  and  SAS 
programs  of  a  complex  nature. 
Develop  &  write  programs  to 
store,  locate  &  retrieve  specific 
documents,  data  &  info  from 
multiple  databases.  Test  &  debug 
C/C++,  K-ScripL  &  SAS  programs. 
Code,  test  &  implement  databases. 
Use  Adobe  Photoshop  to  design 
&  create  custom  graphics.  Hand 
code  HTML  in  conjunction  w/ 
Dreamweaver  to  create  &  maintain 
web  page.  Develop  &  maintain 
CSS,  HTML,  JSP  &  XML  code 
for  web  applications. 

Req’s:  Bachelor's  in  Electrical 
Engineering  +  2  yrs.  exp.  in  job 
offered.  Exp.  which  may  have 
been  obtained  concurrently, 
must  include:  1  yr.  exp.  designing 
&  hand  coding  HTML  pages  for 
websites,  1  yr.  exp.  coding  XML 
for  web  applications  &  1  yr.  exp. 
using  Adobe  Photoshop  & 
Dreamweaver.  To  apply,  mail 
resume  to:  Ms.  Debbie  Gardner 
Tossie,  Knowledge  Decision 
Sciences,  Inc.,  211  W.  Franklin 
St.,  Monterey,  CA  93940. 


Codesic  seeks  Unix  Sys.  Admin, 
for  Kirkland,  WA  HQ  office. 
DESC:  Admin.  &  maint.  UNIX 
sys.  Anlyz  info,  sys,  id  client  reqs, 
&  rec.  hardware  &  s/w  solns.  Install 
&  config.  app.  &  web  servers, 
RDMBS,  &  progs,  util.  C++,  Java, 
shell  script,  Perl,  &  HTML.  Mng. 
&  config.  disc  storage.  Set  up 
useraccts,  mng.  password  resets, 
&  conduct  capacity  planning  & 
perf.  tuning.  Anlyz,  troubleshoot 
&  deploy  sys.  apps.  Prep  training 
&  troubleshooting  guides.  Con¬ 
duct  root  cause  analysis  to 
explain  &  prevent  sys.  &  app. 
failures.  REQ:  BS  in  Engr,  CS, 
Math,  or  Phys.  plus  1  yr  exp. 
admin.  &  maint.  Unix  sys.  Install 
&  config.  app.  &  web  servers, 
RDBMS  &  progs,  util.  C++,  Java, 
shell  script,  Perl  &  HTML.  Mng. 
&  config.  disc  storage.  Mng.  user 
accts,  password  resets,  &  con¬ 
duct  capacity  planning  &  perf. 
tuning.  Anlyz,  troubleshoot,  & 
deploy  sys.  apps.  to  meet  bus. 
obj.  Prem.  sal  +  benes  &  bns.  Pis 
reply  to  Tech.  Rec,  Job  #CO-1 03, 
11250  Kirkland  Wy,  Ste  101, 
Kirkland,  WA  98033. 


DBAs  to  design,  develop  and 
manage  mission  critical  data 
ware  house  databases  and  per¬ 
formance  tuned  Oracle  production 
databases;  analyze,  design,  de¬ 
velop,  test  and  implement  online 
transaction  processing  and  multi 
user  systems  involving  large  and 
distributed  databases;  perform 
database  creation,  modeling, 
calculation  of  object  sizes,  table 
spaces  and  database  sizes; 
provide  performance  improve¬ 
ment,  optimization,  upgrade  and 
migration.  Require:  M.S.  or 
foreign  equiv  in  CS/Engg.  (any 
branchj/related  field  with  1  yr 
exp.  Highly  competitive  salary, 
F/T  position.  Travel  involved 
to  client  sites.  Resumes  to 
Compsoft  Technology  Solutions, 
Inc,  1 1  N  Roselle  Rd,  Schaum¬ 
burg,  IL  60194 


Technosoft  Corporation  has  mul¬ 
tiple  opening  for  Programmer/An¬ 
alyst,  Software  Engineer,  Project 
Lead/Manager.  Applicant  should 
have  strong  skills  in  Java,  Perl, 
Siebel,  Oracle/Informix  DBA,  GUI, 
Java  C++,  CRM  Applications, 
ERP  &  Dataware-  warehousing. 
Send  resume  to:  3071  Lawrence 
Expressway  Santa  Clara,  CA 
95051  or  email  to:  jobs@tech- 
nosoft-Corp.com 
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ROGER  BERRY 

Senior  Vice  President  and  Chief  Information  Officer  for  the  Walt  Disney  V/oiid 
Resort,  will  be  the  Keynote  Speaker  for  the  Awards  Banquet,  Saturday,  August 
10. 2002 


LEADING  EDGE  SEMINAR  TRACKS: 

•  INFORMATION  TECHNOLOGY 

•  LEADERSHIP  DEVELOPMENT 

•  ENTREPRENEURS  &  SMALL  BUSINESS 

•  CAREER  DEVELOPMENT 

•  ACADEMIC  DEVELOPMENT 

•  COLLEGE  STUDENT  TRACK 
2-DAY  WORKSHOPS 

•  INTRODUCTION  TO  JAVA 

•  INTRODUCTION  TO  DB2 

IT  SENIOR  MANAGEMENT  FORUM 

(ITSMF) 

Network  with  CIOs  and  Senior  Management 
Professionals 

HIGH  SCHOOL  COMPUTER  COMPETITION 

Experience  the  excitement  as  high  school 
students  display  their  skills  and  expertise  in 
programming  and  technical  presentations. 


YOUTH  CONFERENCE 

Hands-on  training  and  workshops  in  technol¬ 
ogy,  PC  Building  Race  and  IT  Knowledge 
Quiz  Bowl 

NETWORKING  OPPORTUNITIES 

♦  DIGNITARIES  RECEPTION  & 
ROUNDTABLE 

•  ENTREPRENEUR  SHOWCASE 

•  COLLEGE  &  HBCU  ROUNDTABLE 

•  TOWN  HALL  MEETING 

*  AWARDS  BANQUET 
-sponsored  by  Walt  Disney  World 

•  BDPA  IT  GOLF  CLASSIC 

♦  PRAYER  BREAKFAST 

CAREER  FAIR  &  TECHNOLOGY  EXPO 
Friday,  August  9  10:00am  to  6:00pm 

Saturday,  August  10  10:00am  to  4:00pm 

♦  Free  admission  with  resume 


Full  2-DAY  "Hands-on"  Seminars!! 
Tuesday,  August  6  &  Wednesday,  August  7th 
INTRODUCTION  TO  XML  PROCESSING  WITH  JAVA™ 
DB2  UDB  THE  WORKSHOP  FOR  DBAS 


BDPA  2002  24TH  ANNUAL  NATIONAL  CONFERENCE 
PHONE:  (800)  727-BDPA  FAX:  (301)  220-2185  WEBSITE:  WWW.BDPA.ORG 
6401  Golden  Triangle  Drive,  Suite  450,  Greenbelt,  MD  20770 


Analyst  (network  systems  & 
data  communications)  -  perform 
analysis,  design,  testing,  evalua¬ 
tion  etc.  of  LAN/WAN  &  other  sys¬ 
tems.  Research  &  recommend 
proper  hard-/software  to  users. 
Maintain,  troubleshoot  &  assist 
users  w/  programs  &  implemen¬ 
tations.  Resolve  technical  issues. 
Coordinate  overseas  offices  w/ 
user  requirements,  design,  devel¬ 
op  &  solutions.  Requires:  BS- 
Computer  Science  (  or  equiva¬ 
lency);  Microsoft  Technologies 
Certification;  2yrs  exp  in  comput¬ 
er  software  solution  develop¬ 
ment.  $36K/yr  ( 40hrs/wk).  Apply 
with  CV  to:  Sri  Vepa,  Systems 
Hardware  Inc.  661  Brea  Canyon 
Road,  Suite  5  Walnut,  CA  91 789 


Prog/Analysts  to  analyze,  design 
and  develop  Peoplesoft  HR  and 
Payroll  Systems  using  People- 
soft,  Oracle,  Developer  2000, 
VB,  MS  Access,  PL/SQL  etc  on 
UNIX  and  Windows  OS;  support 
and  maintain  customized  soft¬ 
ware  packages;  debug  and  mod¬ 
ify  existing  software;  prepare 
documentation.  Require:  BS  or 
oreign  equiv  in  CS/Engg  (any 
branch)  /  related  field  with  2  yrs 
exp.  S/W  Engineers  to  analyze, 
design,  develop  and  implement 
appls  using  Java,  C++/C,  JSP, 
EJB,  Servlets,  HTML,  XML, 
Websphere,  VB,  PB,  Oracle, 
SQL  Server  on  UNIX  and  Win¬ 
dows  platforms;  perform  unit  and 
integration  testing,  performance 
tuning  and  query  optimization; 
provide  customer  support;  per¬ 
form  requirements  study  and 
provide  feedback;  create  triggers 
and  data  bases  design;  debug 
and  troubleshoot.  Require:  MS 
or  foreign  equiv  in  CS/Engg  (any 
branch)  with  6  months  exp. 
Highly  competitive  salaries, 
F/T  positions.  Travel  involved. 
Resumes  to  Compsoft  Technology 
Solutions  Group,  Inc.,  11  N 
Roselle  Road,  Schaumburg,  IL 
60194 


It  s  like  having 
the  i nsi de  track  on 

all  the  hottest  tech  jobs, 

all  the  time. 


The  hottest  job  leads  you  can’t 
find  anywhere  else  are  all  right 
here.  That’s  because-- Di  ce  is  all 
tech  jobs,  all  the  time.  Get  tl>4 
inside  .track  on  the  best  tee 
jobs.  Go  to  dice.com  today.  /;• 


©  2002  Dice.com 
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Web  Developer 

Covington.  LA  -  Wild. Net  LLC,  a  market  leader 
in  the  design  &  management  of  trading  sites 
for  the  commercial  insurance  industry  is 
seeking  a  Web  Developer  who  will  develop  & 
maintain  interactive  web  sites  &  their 
supporting  databases,  applying  knowledge  of 
comp  systems  &  scripting/  programming 
languages  such  as  C++  &  JavaScript.  Req'd: 
Master's  degree  in  InfoSystems,  CompSci,  or 
related.  Send  resume  to:  Michael  Goldberg, 
Benfield  Blanch  Inc,  500  N.  Akard,  #4500, 
Dallas,  TX  75201.  EOE. 


SR.  PROG.  ANALYST 


Applying  knowledge  of  SAP  and 
Siebel  programming  techniques 
and  comp.  sys.  to  plan,  dvlp, 
test,  implmnt  and  document 
bus  -related  software  applns. 
Eval.  users'  requests  for  new  or 
modified  programs.  Make  site 
visits  as  needed  to  gather  info, 
and  analyze  sys.  reqmnts.  Consult 
with  users  to  identify  operating 
procedures,  clarify  program 
objectives  and  leverage  the 
functionality  of  SAP  as  well  as  its 
interface  with  Siebel  software 
utilizing  Electronic  Data  Inter¬ 
change  ("EDI")  and  Application 
Link  Enabling  ("ALE")  to  address 
critical  reqmnts.  and  assure 
smooth  transition  of  data  between 
the  sys.  Utilize  all  components  of 
the  SAP  dvlpmnt  environment  to 
combine  pre-developed  software 
objects  with  customized  pro¬ 
gramming  to  generate  applns. 
that  are  highly  integrated  with 
the  SAP  R/3  sys.  Oversee  install, 
of  hardware  and  software.  Train 
and  provide  tech,  support  to 
users  of  SAP  program.  Monitor 
perform,  of  sys.  after  install. 
Master's  degree  in  Elec.  Eng., 
Math,  Comp.  Scl.  or  Bus.  reqd.  + 
2  years  exp.  in  pos.  offered  or  as 
a  Software  Engnr,  Sys.  Analyst, 
Prog.  Analyst  or  Tech.  Consultant. 
Must  have  knowledge  of  SAP 
R/3,  ABAP/4,  EDI,  ALE  and 
Siebel  programming  langs.  40 
hrs/wk,  OT  as  reqd,  8  am  -  5  pm, 
$80,000/yr.  Qualified  applicants 
submit  resume  to:  JS  Supervisor, 
Greene  County  Team  PA  Career 
Link,  4  West  High  Street, 
Waynesburg,  PA  15370-1324. 
Please  refer  to  Job  Order  No. 
255505. 


Software  Engineer  positions 
available  at  NYC  e-commerce 
firm  to  develop  and  program 
software  applications  for  net¬ 
work,  to  design  database  structure 
and  establish  data  server.  BS, 
MS  in  Comp.  Sci.  and  exp.  Send 
resume  to  Tech  Group,  LinkShare 
Corporation,  215  Park  Avenue 
South,  8th  Floor,  New  York,  NY 
10003. 


Software  Engineers  &  Program¬ 
mers.  Analyze,  design,  develop 
and  test  applications  for  online 
security  and  utility  industries  in 
C,  C++,  Java,  MQSeries,  Web¬ 
sphere  Application  Server  4.0, 
Oracle,  DB2,  PL/SQL,  UML. 
Security  API's,  PKI,  Rational 
Rose,  XML  Servlets,  EJB.  J2EE 
and  related  security  technologies. 
Prevailing  wage/benefits.  Con¬ 
sulting  positions  requiring  travel 
to  client  sites.  Send  resume  to 
HR,  Trinsol,  Inc.  1205  Spring 
Ridge  LN,  Flowermound,  TX 
75028. 


Programmer  Analysts  (3  posi¬ 
tions)  to  analyze,  design,  develop, 
test  and  implement  dataware- 
housing/datamart  and  software 
applications  and  ETL  using  tools 
like  informatica,  Cognos,  Oracle, 
MS  SQL  Server,  CICS,  DB2, 
HTML,  Java,  C++  on  UNIX, 
Windows  environments;  gather 
and  document  requirements 
from  user  community;  test  and 
troubleshoot  project  application 
code  according  to  system  objec¬ 
tives.  Require:  BS  or  foreign 
equiv.  in  CS  /  engg.  (any  branch) 
/  related  field  with  2  yrs  exp  in  IT. 
Highly  competitive  salary.  F/T 
position.  Travel  to  client  sites 
req.  Resume  to  HR,  Smartsoft 
International,  Inc.,  4898,  South 
Old  Peachtree  Rd,  Norcross,  GA 
30071. 


Programer/Analyst:  Design  and 
develop  customer  application 
information  system,  API  devel¬ 
opment  and  e-commerce  web¬ 
site  development  using  Borland 
C++,  Microsoft  Visual  Studio  6, 
Cron  Script,  and  AS/400.  Test 
applications  for  quality  assurance. 
Improve  and  debug  previous 
developed  products.  Req.  Master 
Degree  or  equivalent  in  CS 
or  MIS.  Must  be  proficient  in 
Borland  C++,  MS  Visual  Studio 
6,  Cron  Script,  and  AS/400  DB2. 
$53,000/yr,  9-5,  40  hr/wk.  Send 
resume  to  HiTech  Data  Commu¬ 
nications,  Inc.  at  HiTech  Data 
Communications,  Inc.,  2170 
Business  Center  Dr.,  Suite  1, 
Memphis,  TN  38134. 


PROJECT  MANAGER  needed 
to  support  &  implmt  projects, 
administer  &  track  svc  contracts, 
define  &  dvlp  new  telecom 
products.  Apply  to  Global 
Consultants,  601  Jefferson 
Rd,  Parsippany,  NJ  07054. 


Network  Administrator  with 
Bachelors  degree  and  two 
years  exp.  wanted  in  Houston, 
TX.  Respond  to:  HR  Dept., 
Houston  Computer  Center,  Inc. 
10641  Harwin  Dr.,  Suite  500, 
Houston,  TX  77036. 


F/T  Lead  Programmer  Analyst: 
Responsible  for  developing, 
designing  &  modifying  computer 
software  applications  as  well 
as  testing,  implementing  &  main¬ 
taining  new  &  existing  software 
applications.  Woik  w/  Unix,  Orade, 
COBOL,  C,  PL/SQL,  Pro'C,  SQL 
•Plus,  SQLToader,  Pro-COBOL 
&  MF-COBOL.  Oversee  project 
coordination,  assess  design 
specifications  to  ensure  they 
meet  company  standards  & 
requirements.  Prepare  work  plans, 
codes  &  unit  test  programs  & 
verify  test  data.  Perform  systems 
analysis  tests,  coordinate  cross¬ 
function  testing,  monitor  integra¬ 
tion  &  alpha/beta  testing  & 
troubleshoot  defects  found.  Must 
have  Bachelor's  degree  in 
Computer  Science  or  related 
field.  Foreign  degree  equivalent 
accepted.  Employer  will  accept 
Master's  degree  in  lieu  of 
Bachelor's.  Must  have  5  yrs.  exp. 
in  job  offered  or  position  w/  same 
duties.  Send  resume:  cchungQ 
uos.com  or  UPS,  Job  Code 
IMGCW,  P.O.  Box  833,  Mahwah, 
NJ,  07430,  Attn:  Carol  Chung, 
Human  Resources,  R-2A-105A. 


Full-time  Computer  Software 
Applications  Engineer.  Respon¬ 
sible  for  planning,  developing  & 
evaluating  business  requirements 
&  develop  software  according  to 
established  standards  working 
w/MVS/ESA,  COBOL,  DB2,  CICS, 
JCL,  VSAM,  Intertest,  Ezetrieve, 
Xpeditor  &  object  oriented  tech¬ 
nologies  like  Java,  JSP,  XML  & 
XSLT.  Conduct  feasibility  tests 
on  developed  codes  &  trou¬ 
bleshoot  defects  found,  code 
programs,  develop  &  execute 
test  plans  &  document  results. 
Must  have  Bachelor's  degree  in 
Computer  Science,  Computer 
Engineering  or  related  field.  For¬ 
eign  degree  equivalent  accepted. 
Must  have  8  yrs.  exp.  in  job 
offered  or  position  w/  same  duties. 
Send  resume:  epalumbo® 
ups.com  or  UPS,  Job  Code: 
IVPCW,  P.O.Box  833,  Mahwah, 
NJ  07430,  Atten:  Evelyn  Palumbo, 
Human  Resources  ,  M3C-010. 
Employer  will  not  sponsor  visas 
for  position. 


Software  Engineers  to  analyze, 
design,  develop  and  implement 
client  server,  web  appls  and 
OOD  appls  using  Java,  C++/C, 
Java  Servlets,  XML,  HTML,  EJB, 
JSP,  CORBA  and  databases  us¬ 
ing  Oracle,  Sybase,  Rational 
Rose  etc  on  Windows  NT/95  and 
Unix  OS;  train  team  members 
and  provide  user  support  for  the 
systems  and  related  application 
both  internally  and  to  clients; 
debug  and  modify  existing  soft¬ 
ware.  Require:  MS  or  foreign 
equiv  in  CS/  Engg(any  branch) 
or  related  field  with  1  yr  exp. 
Competitive  salary,  F/T  position. 
Travel  to  client  sites  within  US. 
Resume  to:  Semafor  Technolo¬ 
gies,  Inc,  3300  Holcomb  Bridge 
Rd,  Suite  212,  Norcross,  GA 
30092 


F/T  Programmer:  Assist  w/  the 
developing,  designing,  maintain¬ 
ing,  testing  &  installing  company's 
proprietary  software  packaging 
applications  as  well  as  various 
web-based  applications  w/spe- 
cific  instruction  &  supervision 
of  Sr.  Programmers.  Work  w/ 
Oracle,  SQL,  C++,  object  oriented 
programming,  JavaScript  &  Visual 
Basic.  Under  supervision  design 
systems  &  components,  test 
programs  &  system  modules  & 
components  to  ensure  they  meet 
system  requirements  &  trouble 
shoot  any  defects  found.  Must 
have  Bachelor's  degree  in 
Computer  Science  or  related 
field.  Educational  and  or  work 
background  must  have  included 
above-referenced  skills.  Send 
resume:  cchung@ups.com  or 
UPS,  Jobcode  IASCW.  Atten: 
Carol  Chung,  HR,  R-2A-105A, 
PO  Box  833.  Mahwah,  NJ  07430 


Software  Engineer  wanted  by 
Noriden  Corp.  in  Piscataway, 
NJ.  Must  have  a  Master's  degree 
in  computer  science  or  related 
fields  with  at  least  two  years 
experience.  Job  duties  include 
designing  and  developing  archi¬ 
tecture  for  online  customer 
application  systems  using  object 
oriented  technology  and  various 
software  development  tools,  and 
developing  and  implementing 
high  performance  applications 
using  various  data  communication 
protocols,  standards  and  equip¬ 
ment.  Please  send  resume  to 
www.noriden.com 


Express  Services  Engineer: 
Provide  tech,  consulting  to  oust. 
&  systems  integrators  to  plan, 
build  &  deploy  Dynamo-driven 
web  applications  using  Java, 
C++,  SQL,  UNIX,  Win  NT,  & 
object-oriented  dev’t.  Analyze 
client  needs,  identify  optimal 
solutions,  &  support  on-site 
implementation  of  products. 
Qualify  with  MS,  Comp.  Sci.,  or 
related  field.  Send  2  CVs  to: 
HR,  ATG,  Inc.,  25  First  St, 
Cambridge,  MA  02141 ,  an  EOE. 


SALES  MANAGER 

Pelco,  Closed-circuit  TV  Manu¬ 
facturer,  located  in  Clovis,  CA  is 
hiring: 

Strategic  Accounts  Manager 
(Sales  Manager) 

Job  requires  travel  throughout 
the  U.S. 

REQ:  Bachelor's  degree  or  equiv. 
in  Bus.  Admin.,  Marketing  or 
related  field  (in  lieu  of  Bachelor's, 
will  accept  3  yrs  exper  in  job, 
mkting,  or  rel.)  +5  yrs  exper  in 
CCTV  &  video  equip  industry, 
incl.  3  yrs  marketing  exper  w/ 
customer  strategies.  Resumes 
to:  Pelco,  HR,  Attn:  Kathy  Tucker, 
3500  Pelco  Way,  Clovis,  CA 
9361 2  or  email  to  HR@Delco.com. 
Affirmative  Action/EOE. 


Software  Engineer  with  complex 
software  systems  design 
and  development  experience  to 
work  in  our  Burlington,  MA 
office.  Send  resume  to  Jay  R. 
Smith  Manufacturing  Co.,  27781 
Gunter  Park  Drive  East, 
Montgomery,  AL  36109, 
Attn:  HR  Mgr.,  Req.  #SE-02-93- 
BN03-MO  or  on-line  to 
mike.polis@jrsmlth.com  with 
Req.  #SE-02-93-BN03-MO  in 
subject  line. 


Senior  SDK  Technical  Architect 
(Atlanta,  Georgia)-Team  leader 
responsible  for  analysis,  design, 
implementation,  &  testing  of 
complex  architecture  frameworks 
for  customized  enterprise  appli¬ 
cations  integration  using  Java  in 
J2EE  environment  as  foundation 
&  EJB,  JSP,  SOAP.  XML  &  XSL 
for  production  customization. 
Must  have  a  Bach.  deg.  or  foreign 
degree  equiv.  in  Comp.  Sci.  or 
related  field  &  5  yrs  of  exp.  in  the 
job  offered  or  5  yrs  of  exp.  in 
a  position  involving  technical 
architecture  development.  Expe¬ 
rience  mentioned  may  have 
been  obtained  concurrently  and 
must  include:  (i)  3  yrs.  exp.  in 
Java;  (ii)  2  yrs  of  exp.  each  in 
J2EE,  EJB,  JSP.  XML,  &  XSL;  & 
(iii)  1  yr  of  exp  each  in  Enterprise 
Application  Integration,  ERP  & 
SOAP.  Must  have  legal  authority 
to  work  in  U.S.  Send  resume  to 
Angela  Beeman  (REFLSDK).  SI 
Corporation,  3500  Lenox  Road, 
Ste.  200,  Atlanta,  GA  30326. 


Software  Engineer  (St.  Louis. 
MO):  will  analyze,  design,  and 
test  various  modules  of  information 
management  system  utilizing 
Logic  and  Information  Network 
Compiler,  (LINC),  LINC  Design 
Assistant  (LQA),  Unisys  mainframe 
Database  management  system 
(DMS),  Oracle,  and  SQL;  write 
design  specification  for  changes 
in  the  systems  and  monitor  all 
aspects  of  development  life 
cycle  to  ensure  standards  are 
followed;  and  maintain  GUI 
screen  using  PowerClient  utility 
and  Visual  Basic.  Must  have  a 
Bachelor’s  degree  in  Comp.  Sci., 
Elect./Electronics  Engineering. 
MIS,  Math,  or  a  closely  related 
field  plus  2  yrs.  exp.  in  offered 
position  or  in  a  closely  related 
occupation  such  as  Programmer 
Analyst  or  Software  Developer. 
$62,200/yr;  40  hr/wk;  Mon.-Fri., 
8:00am-5:00pm.  Respondents 
must  be  presently  authorized 
for  permanent  employment  in 
U.S.  Resume  to:  Mrs.  Myra 
Huhmann,  Division  of  Workforce 
Development,  Employer  Relation 
(450-0050),  P.O.  Box  1087, 
Jefferson  City,  MO  65102-1087 
Re:  Job#0316269.  An  employer 
paid  AD. 


Seeking  qualified  applicants 
for  the  following  positions  in 
Memphis,  TN:  Senior  Technical 
Analyst.  Research,  evaluate,  im¬ 
plement  and  coordinate  changes 
to  large,  complex  computer 
systems/applications.  Require¬ 
ments:  Bachelor's  degree*  in 
computer  science,  math  or  related 
field  plus  5  years  of  experience 
in  systems  development,  including 
programming.  Experience  with: 
either  C,  C++  or  Java;  Tibco;  and 
messaging  also  required.  Manager 
Project/Process  (IT).  Manage 
software  development  life  cycle 
(SDLC)  process  for  major  ana¬ 
lytical  pricing  projects  and/or 
processes  requiring  involvement 
of  user  area  and  systems  devel¬ 
opment.  Requirements:  Bachelor's 
degree*  in  business,  computer 
science  or  related  field  plus  5 
years  of  progressive  experience 
in  systems  development  and/or 
operations  analysis.  Experience 
with  analytical  pricing  project 
management;  mainframe  systems 
/software  (IMS  or  CMS);  and 
SQL  also  required.  ’Master's 
degree  in  appropriate  field  will 
offset  2  years  of  general  experi¬ 
ence.  Indicate  which  position  you 
are  applying  for  and  submit 
resumes  to  Sibi  George.  FedEx 
Corporate  Services,  1 900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


SR.  WAN/LAN  ENGINEER 
wanted  by  comp,  consulting  firm 
in  Sugar  Land,  TX.  Need  degree 
&  exp.  Respond  by  resume  only 
to.  Ms.  B.  Nelson,  Recruiter 
W/C  #10,  Digital  Consulting  & 
Software  Sen/ices,  One  Sugar 
Creek  Center  Blvd.,  Ste  500, 
Sugar  Land,  TX  77478. 


Princeton  computer  consulting 
firm  needs  software  developer  to 
design  and  develop  business 
and  financial  applications  using 
Visual  Basic.  Oracle,  MSL-SQL 
Server,  Sybase,  ASP.  ActiveX, 
COM/DCOM,  Crystal  Reports, 
S-Designer  and  Visual  Interdev 
in  Windows  NT/98/2000  envi¬ 
ronments.  Must  have  B.S.  in 
Comp.  Sci.,  Engg.,  Math, 
Physics  or  related  discipline  plus 
5  yrs.  relevant  exp.  Reply  to:  S. 
Nemani,  4365  Ftt.  1  South, 
Princeton,  NJ  08540. 


Sr  Systems  Analysts  to  analyze, 
design,  develop,  test,  implement 
maintain  complex  commercial 
systems  and  custom  dient/server 
business  applications;  provide 
expertise  in  software  method¬ 
ologies  &  project  management 
to  implement  projects;  design, 
develop  configuration  manage¬ 
ment  systems  using  COBOL, 
JCL.  CICS.  VB,  Xpeditor.  File-Aid. 
and  SQL;  interact  with  users  to 
document  system  requirements; 
create  stored  procedures  and 
triggers.  Requires:  Master's 
degree  or  foreign  equiv  in  CS/ 
Bus.  AdminVEngg  (any  branch) 
/related  field  with  1  yr  exp.  Highly 
competitive  salary.  Some  travel 
involved.  F/T  position.  Resume 
to:  Cosyne  Enterprises  Inc.. 
3505  Koger  Boulevard.  Suite 
130,  Duluth,  GA  30096 


Software  Engineers,  Dallas,  TX. 
Java,  EJB  &  WebLogic  server, 
web  development;  HTML,  Java 
Script,  &  Oracle  or  MS  SQL 
Server,  Unix  &/or  Windows  NT  & 
XML.  BS  in  comp,  sci  &  2  yrs 
exp.  in  development.  Must  be 
authorized  to  work  permanently 
in  US.  Fax  resume:  J.  Scott 
©Viewlocity,  404-267-6503. 


Multiple  positions-Software 
Engineer  wanted  w/BS  &  2 
yrs.  Exp.  in  Houston,  TX.  Send 
resume  to:  HR  Dept.,  Scicom 
Americas,  Inc.,  1500  S.  Dairy 
Ashford,  Ste  241 ,  Houston,  TX 
77077. 


Scholle  Corporation  located  in 
Elmhurst,  IL  requires  Systems 
Analyst  to  develop,  test  & 
implement  systems  in  packaging 
industry  using  Visual  Basic  & 
XML.  Requires  BS  Computer 
Sci,  Engineering  or  related  field 
+  4yrs  exp.  Respond  to:  C.  Ther, 
Scholle  Corp.,  Ste  300,  360W. 
Butterfield  Road,  Elmhurst,  IL 
60126. 


♦ 


Software  Engineer  (Atlanta,  GA): 
Design  &  implement  electronic 
billing  presentment  &  components 
for  CRM  account  management 
website  in  mulb-tiered  &  distributed 
environment  Design  &  implement 
secure  FTP  transmission  systems. 
Work  w/  Java.  Siebel  CRM, 
PERL,  C/C++;  including  Java 
script,  Weblogic,  ANT.  JBuilder, 
CGI,  JSP.  ASP,  VB.  VB  Script, 
Oracle.  SQL  &  HTML.  Req. 
Bachelor's  or  its  foreign  degree 
equivalent  in  C.  Sc.  or  other 
engineering  field  +  2yr.  exp.  in 
job  offered  Resume  to:  Human 
Resources;  job  code  CWDB78. 
Cbeyond  Communications,  320 
Interstate  North  Pkwy,  SE.  Ste 
300,  Atlanta.  GA  30339 


Become  a  Microsoft  Windows  2000  Security  Expert. 

It's  easy.  Just  point,  click  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  -Web-Based  •Hands-On  •Uirtual  Classroom 

Uisit  lletSmart  today  at  www.nwnetsmart.com 
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BackSpin 


Mark  Gibbs 


RIAA;  Licensed  to  hack? 


L 


ast  October  I  chastised  the  Re¬ 
cording  Industry  Association  of 
America  in  this  column  (www. 
nwfusion.com,  DocFinder:  1135)  for 
trying  to  get  legislation  passed  that 
would  protect  its  members  against 
liability  for  damage  to  data  or  ser¬ 
vices  incurred  while  protecting  copyrights  through 
what  were  essentially  hacking  techniques. 

Well,  that  attempt  died  a  quiet  and  unmourned 
death, and  I  had  hoped  that  would  be  that. 

But  no,  the  RIAA  has  recently  persuaded  California 
Congressman  Howard  Berman  —  whose  district  in¬ 
cludes  Hollywood  (surprise)  —  to  create  a  bill  that 
would  provide  shelter  for  copyright  owners  such  as 
record  labels  and  movie  studios  against  liability  for 
action  they  take  to  stop  peer-to-peer  Web  sites  from 
enabling  illegal  file-sharing  (DocFinder:  1132). 

“While  P2P  technology  is  free  to  innovate  new, 
more  efficient  methods  of  P2P  distribution  that  fur¬ 
ther  exacerbate  the  piracy  problem,  copyright  own¬ 
ers  are  not  equally  free  to  craft  technological 
responses,”  Berman  said  in  a  speech  last  month. 
“Congress  should  free  copyright  creators  and  own¬ 
ers  to  develop  and  deploy  technological  tools  for 
addressing  P2P  piracy  We  could  do  this  by  creating 
a  safe  harbor  from  liability  for  copyright  owners 
that  use  technological  means  to  prevent  the  unau¬ 


thorized  distribution  of  their  copyrighted  works  via 
P2P  networks.” 

Copyright  holders  under  Berman’s  bill  would  be 
allowed  to  undertake  various  countermeasures, 
including  interdiction  —  swamping  a  supposed  P2P 
file  server  with  false  requests  so  that  downloads  are 
slowed  or  stopped;  redirection  —  pointing  supposed 
file  swappers  at  servers  that  don’t  contain  the  files 
they’re  looking  for;  and  spoofing  —  providing  cor¬ 
rupt  or  otherwise  undesirable  files  in  place  of  what¬ 
ever  file  is  trying  to  be  swapped. 

That’s  all  well  and  good.  After  all,  the  copyright 
holders  are  protecting  their  own  rights  aren’t  they? 

Ah,  but  notice  my  use  of  “supposed" —  this  was  not 
for  mere  decoration.  Oh  no,  because  if  the  copyright 
holders  make  a  mistake  under  this  ill-conceived  bill, 
they  won’t  be  held  liable,  will  they?  Oh,  I  know  that 
Berman  has  said  that  “such  legislation  must  be  nar¬ 
rowly  crafted,  with  strict  bounds  on  acceptable 
behavior  by  the  copyright  owner . . .  [and  should 
also]  provide  for  strong  penalties  against  abuse  of 
the  authority  provided  by  the  safe  harbor? 

But  can’t  you  just  see  it?  You’re  getting  ready  for 
work  one  morning.The  birds  are  singing,  you’re  on 
time,  the  coffees  just  finished  brewing,  and  as  you 
step  out  of  the  shower  your  home  phone  rings, your 
cell  phone  rings  and  your  pager  goes  off. The  mes¬ 
sages  from  the  office  all  say  the  same  thing:  “We  have 
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a  fraction  of  our  Internet  access  bandwidth  left, 
hardly  any  e-mail  is  getting  in  or  out,  our  Web  servers 
have  crashed,  the  FTP  server  got  wiped  clean  and 
what  are  you  going  to  do  about  it?  Now” 

Your  day  has  turned  into  a  living  inferno. Twenty- 
four  hours  later  you’ve  got  a  splitting  headache  and 
raging  indigestion. You’re  exhausted, strung  out  on 
stale  coffee,  sweaty  and  greasy, short-tempered,  and 
talking  to  some  geek  from  the  RIAAs  hit  squad. 

“Sorry”  he  says, “I  guess  we  got  the  wrong  IP 
address  . . .  We  took  out  your  servers?  Oh.  Sony? 

Just  try  to  take  ’em  to  court. 

But  eventually  —  and  at  great  cost  —  enough  con¬ 
sumers  and  businesses  will  have  been  erroneously 
hit.  A  class-action  lawsuit  will  emerge  to  waste  every¬ 
one’s  time  and  money,  only  to  wind  up  at  the  Su¬ 
preme  Court,  which  will  say  the  bill  was  stupid  as  it 
contravened  this,  violated  that  and  rode  roughshod 
over  the  other. Then  it  will  be  back  to  the  drawing 
board  for  the  RIAA  and  its  band  of  merry  men  hav¬ 
ing  made  everyone’s  life  just  that  little  bit  harder. 

This  kind  of  legislation  is  plain  crazy  At  best  it  is  ill- 
conceived  and  shortsighted.  At  worst.it  is  irresponsi¬ 
ble  and  unethical. And  it  could  pass  this  time.So  tell 
Berman  —  howard.berman@mail.house.gov  —  how 
wrong  his  thinking  is. 

Cries  of  outrage  to  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Readers  get  their  turn  at  bat 

Time  for  another  round  of  reader  e-mail . . .  and  I 
swear  not  a  blessed  one  of  them  will  be  about  that 
Hewlett-Packard  television  commercial. 

An  item  in  which  Buzz  bellyached  about  the  likely 
costs  associated  with  all  of  the  online  privacy  legis¬ 
lation  floating  about  generated  this  gentle  rebuke: 

“I  found  your  column  on  privacy  readable  but  mis¬ 
guided,"  writes  Jim  McQuaid,  who  knows  how  to  be  polite  yet  pointed.  "Anytime 
we  view  our  rights  as  ‘inconvenient’  or  'expensive'  we  have  just  put  a  price  on 
freedom  and  gotten  ready  for  the  auction. . . .  Getting  spam  is  really  not  the 
worst  outcome  in  the  world,  I  admit.  But  marketing  to  children  generally  is  totally 
out  of  control  in  our  society. . . .  Yes,  we  will  all  pay.  And  yes,  egregious  and  frivo¬ 
lous  economic  impacts  need  to  be  considered  [this  is  not  unique  to  this  issue]. 

But  it  will  be  worth  it  to  preserve  our  liberties." 

An  item  ridiculing  a  Minnesota  court  ruling  that  appeared  to  require  the 
presence  of  a  police  officer  any  time  an  ISP  went  about  finding  information 
demanded  by  a  warrant  generated  this  comeback  from  a  former  lawman. 

“I  would  want  to  be  there  to  be  sure  [the  ISP  is  conducting  a  legitimate  search] 
and  not  just  telling  me  it  looked  and  didn't  find  anything,"  writes  Rick  Godin.  "I’m 
sure  that  Yahoo  and  others  don’t  want  to  incur  the  cost  of  overtime  pay  for  their 
employees  to  be  involved  in  time-consuming  and  expensive  searching.  I  guess 
another  option  would  be  to  seize  the  ISP’s  equipment  and  return  it  after  a  thorough 
independent  search  was  completed.  Given  the  choices,  I’d  opt  for  the  flatfoot.” 

Well,  if  you  put  it  that  way,  me,  too. 

Mike,  who  asked  that  his  last  name  be  omitted,  wrote  to  question  the  wisdom  of 
my  publishing  an  item  about  a  technique  that  is  apparently  being  used  by  spam¬ 


mers  to  fool  spam  filters:  inserting  random  gibberish  —  snippets  of  nursery 
rhymes,  for  example  —  into  the  text  of  the  message. 

"Yes,  I  was  interested  to  see  your  tidbit  about  a  potential  way  around  spam  fil¬ 
ters,  but  I  found  it  much  more  bothersome  that  you  may  indeed  be  helping  spam¬ 
mers.  I  really  don’t  want  clever  ideas  spread  around  spammers." 

It’s  tough  to  write  about  such  a  subject  without  running  that  risk,  of  course.  And 
I’m  not  sure  too  many  spammers  are  turning  to  Network  World  for  tips  anyway. 

Few  subjects  generate  more  reader  reaction  than  online  taxes. 

"In  regards  to  comments  about  taxing  online  sales  —  I  don’t  really  understand  tax 
law  too  much,  but  I  do  know  that  our  organization  is  required  by  our  state 
[Nebraska]  to  pay  ‘use  tax’  on  purchases  we  make  where  we  didn’t  pay  Nebraska 
sales  tax,"  writes  Scott  Matthews.  "I  would  guess  that  the  people  complaining 
about  a  potential  online  sales  tax  are  not  paying  the  taxes  they  already  owe.” 

Good  guess. 

An  item  about  a  vendor's  public  relations  stunt  that  was  built  around  the  self- 
serving  question  —  “How  big  is  2  to  the  104th?”  —  prompted  this  bit  of 
one-upmanship. 

"Try  the  largest  number  that  can  be  represented  by  the  digits  0  through  6," 
writes  Dave  Corbin.  "It's  2(3(4(5(6(10))))).  It  has  10(56)  digits,  approximately.  At  1 
digit  per  16th  of  an  inch,  the  piece  of  paper  would  cover  the  spherical  universe  as 
far  as  Hubble  can  see.  You  can  prove  the  last  digit  is  2,  by  the  way." 

My  calculator  is  broken,  so  feel  free  to  check  the  guy’s  math. 

And,  finally,  we  have  this  nice  note. 

"I  enjoy  reading  your  column,  particularly  your  reports  on  the  e-mail  you 
receive,”  writes  John  Wyman.  "People  are  wonderful  in  their  ideas,  complaints, 
etc. . . .  P.S.  I  like  the  technology  items  in  your  column,  too." 

Please  don 't  disappoint  Mr.  Wyman.  Send  your  comments  to  buzz@nww.com  so  we 
can  do  this  again  sometime. 
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Systems 


Outsourcing. 


frastructure. 


Server  Technology. 


Consulting. 


Imagine  it: 

Scaling  up  to  a  server  for  mission-critical 
applications  that’s  stable,  easy  to  manage  and 
delivers  enterprise-class  performance.  All  in  a 
server  that  maximizes  the  benefits  of  your 
enterprise  operations. 


Unisys  has  made  it  ail  real  with  our  ES7000  server. 
It  harnesses  32  Intel®  Xeon™  Processors  for 
scalability  and  grown-up  enterprise-class 
performance.  Unisys  has  created  a  server  with 
advanced  systems  management  for  less 
babysitting  and  rock-solid  reliability  running 
Microsoft®  Windows®  2000  Datacenter  Server 
software.  It  all  adds  up  to  reduced  total  cost  of 
ownership  and  a  mature  server  environment  to 
simplify  your  operations. 


Server  Technology  with  precision  thinking, 
relentless  execution  to  drive  your  vision  forward. 


©  2002  Unisys  Corporation.  Unisys  is  a  registered  trademark  of  Unisys  ■.  rw 
Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademaik  01 
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All  rights  reserved.  Microsoft,  Windows  and  the  Windows  logo  are  eithe 
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Customers  worldwide  are  reaching  their 
Metro  destinations  the  same  way:  they've 
chosen  the  RS  38000  because  it  delivers  the 
unique  combination  of  service  creation  and 
high-availability  networking  required  at  the 
core  of  the  world's  largest  Metropolitan  Area 
Networks.  With  170  Gigabit  of  switching 
capacity,  the  RS  38000  offers  the  richest 
array  of  metro-optimized  services  over  the 
widest  range  of  network  interfaces.  Using 
hardware-based,  metro-optimized  MPLS,  the 
RS  38000  provides  cutting-edge  IP  services 
such  as  Bandwidth-on-Demand,  Virtual 
Leased  Lines,  and  Transparent  LANs. 


The  RS  38000  also  sets  the  industry 
standard  for  high-availability  Metro  networking. 
Riverstone’s  Hitless  Protection  System  (HPS) 
enables  live  software  upgrades  and  control 
module  restarts  without  disrupting  customer 
traffic.  Full-hardware  redundancy  and  software 
resiliency  features  such  as  VRRP,  RSTP, 
ring-optimized  RSTP,  and  graceful  routing 
restart  make  the  RS  38000  a  true  carrier-class 
router.  Which  is  why  it’s  already  converting  raw 
bandwidth  into  profitable  services  in  the 
world’s  largest  Metropolitan  Area  Networks. 


THE  RS  38000  POWERS  THE  WORLD'S 
...  LARGEST  METRO  NETWORKS. 
ARE  YOU  ON  BOARD? 


Get  on  board  now.  Contact  us  at  877-778-9595 


or  visit  riverstonenet.com 
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